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‘Tight IT Budgets 
Impair Planning 
As War Looms 


Companies lack funds 
for disaster protection 


States struggle to pay 
for homeland security 





BY DAN VERTON 
Regardless of how imminent a 
U.S.-led war in Iraq might be, 
IT budget constraints are pre- 
venting many companies from 
taking appropriate security 
and disaster-preparedness 
measures to defend them- 
selves against possible retalia- 
tory terrorist strikes. 

It’s not necessarily that the 
threat is being ignored. It’s 
just that the money many IT 
managers would like to have 
to combat it just isn’t there. 

John Ervin, a systems ad- 

Companies, page 53 





BY PATRICK THIBODEAU 
WASHINGTON 


States are rapidly taking steps 





to standardize systems, elimi- 
nate IT redun- ‘ 
dancy and cut 

expenses in or- 

der to fund cash- 

strapped home- 


| land security ini- 


tiatives. 

State IT spending will rise 
slightly this year, much of it 
going to improve administra- 
tive and health systems, Feder- 
al Sources Inc. forecast last 


| week. But new IT projects will | 


| be rare, because funding by 
| Congress for homeland secu- 


rity is less than what IT man- 
agers say they need. 
“It’s extremely frustrating,” 


| said Rizwan Ahmed, whose 
| duties include serving as CIO 


of the Louisiana Department 
of Natural Resources. Federal 


| homeland security officials 


have asked his agency to help 
produce geographic informa- 


| tion system maps of critical oil 


and gas pipelines. Although 
the mapping is getting done, 
“it’s at the expense of some of 


| our own projects,” he said. 


A telling sign of the bleak 
outlook was of- 
fered last week 
by FSI Presi- 
dent James 
Kane at the 
company’s an- 

— nual state con- 
ference. Of approximately 500 


| potential IT spending projects 
| that FSI is tracking — projects 


that haven’t yet been put out to 
bid — two-thirds are on hold. 
States, page 53 
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Top Execs Demand Data Now 


But legacy systems 
hamper delivery of 
real-time information 
BY THOMAS HOFFMAN 


A growing number of CIOs 
say they’re facing increased 


| . . 
pressure to deliver real-time 


financial and operational data 
to their CEOs and chief finan- 
cial officers, who want to be 
able to react more quickly to 
changing business conditions. 
The problem is, many IT 
departments are struggling to 
meet such demands due to 
legacy system constraints and 
half-baked enterprise applica- 
tion integration efforts that 
haven't been aligned with cor- 
porate business processes. 
Extracting financial and op- 


erational information for use 


by business managers “takes 
us weeks,” said Steve Scott, 
vice president of IT at Vision 
Service Plan, a Sacramento, 


BreakingOutsourcingBariers 


CiOs at Allstate Insurance, 
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WATCH 


Documentum and Coast Capital 
Savings all have outsourcing 


success stories to tell. But none of them got where they 
are by following conventional playbooks. Instead, they 
focused on the idiosyncrasies of their companies’ busi- 
ness needs. So did the ClOs at General Motors and 
Bank One, who offer up some of the tough lessons 
they learned before adopting opposing all-or-nothing 
approaches to IT outsourcing. 

READ THEIR STORIES, BEGINNING ON PAGE 39. 


| Java,” 
| soft Corp. tool known for its 
ease of use. 





Calif.-based eye care benefits 

administrator that serves 36 

million people in the U.S. 
Scott was one of several 


— | technology managers who not- 
| ed the challenges posed by 
| real-time reporting demands 


at Computerworld’s Premier 
100 IT Leaders Conference 


| late last month. He said VSP is 
| currently constrained by a 23- 


year-old financial system that 


| it plans to replace within the 


next 12 months. Scott added 
that VSP is looking to install a 
Real-Time Data, page 16 


New BEA Tool 
Wins Guarded 
User Support 


Developers wary of 


proprietary f features 


BY CAROL SLIWA 
ORLANDO 
BEA Systems Inc.’s new Web- 
Logic Workshop 8.1 tool drew 
mixed reactions — sometimes 
from the same person — at the 
software maker’s eWorld con- 
ference, held here last week. 
The allure for many users is 


| the point-and-click, drop-and- 
| drag tool’s potential to boost 

| developer productivity. Sever- 
| al developers called Work- 


shop compelling, and some re- 
ferred to it as “Visual Basic for 
referencing the Micro- 


But there’s a trade-off for 


| the new features. Many users 


took note of various propri- 


| etary application program- 


ming interfaces and class li- 

braries in WebLogic Work- 

shop 8.1 that they fear may re- 
BEA Tool, page 15 
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your antivirus software provide double the scanning power? 


Making sure your company is secure gets more and more difficult every day. That’s why eTrust™ Antivirus v7 
from Computer Associates uses dual scanning engines to ensure comprehensive virus protection. It processes 
data in real time to search out and eliminate viruses, and it also scans files during prescheduled and 
off-peak hours. All at the cost of most single-engine AV products. It’s more than just twice the protection. 


It’s twice the peace of mind. ca.com/etrust/antivirus 
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6 Manufacturers expect mod- 
est IT budget increases, with 
emphasis on integration, sup- 
ply chain and customer-facing 
projects. 


Microsoft expands its Office 
family with new additions. 


The push for antispam laws 
heats up. States rush to pass 
bills, but Congress may pre- 
empt them 


CRM still inspires caution. 
Fearing repeats of past fail- 
ures, companies roll out soft- 
ware slowly. 


Bug-fixing process improves. 
The sendmail episode reveals 
some positive changes, but 
more remains to be done. 


SANS lauds Microsoft for se- 
curity efforts, presenting the 
vendor with three awards. 


Group seeks standards for 
managing Web services. 


AT&T launches an SSL-based 
VPN service. 


Vendors team up to develop a 
device to manage remote ac- 
cess to WANs and authenti- 
cate wireless LAN users. 


Utility turns to EAl tools to 
revamp supply chain integra- 
tion initiative. 


Antitrust suit widens rift in 
toner cartridge battle. 


Q&A: Dell exec pushes for 
fast growth of company’s 
$1 billion storage unit. 


: 30 Compression Relieves Cen 
gestion. Wide-area network 
traffic-compression appli- 
ances promise to let network 
managers increase traffic 
loads without expensive up- 
grades to WAN links. Users 
tell us about their experiences 
with these products. 


32 Security Manager’s Journal: 
When Bad Things Happen to 
Good Demos. Rather than 
showing Vince Tuesday and 
his team how its security 
product would save them 
some time, a vendor present- 
ed a demo that made it clear 
that the software would create 
extra steps for the user. 
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39 Outsourcing Watch 2003: 
Breaking Outsourcing 
Boundaries. Conventional 
wisdom about IT outsourcing 
may not make sense for your 
business. Three IT leaders tell 
how they got great results by 
breaking the rules. 





42 Outsourcing Watch 2003: 
All or Nothing. GM and Bank 
One take opposite approaches 
to outsourcing. Their CIOs 
share the lessons learned 
from the different strategies. 


44 Q&A: Predictable Surprises. 
Many IT disasters are pre- 
ventable if you know how to 
spot them in advance. Learn 
what to look for in an inter- 
view with Michael D. Wat- 
kins, who co-wrote an article 
about the subject in the Har- 
vard Business Review 


10 On the Mark: Mark Hall 
learns that Web services man- 
agement has no standards — 
and few tools to help in the 
meantime. 


20 Patricia Keefe looks at the 
ways you should have already 
prepared your company for the 
possibility of war with Iraq. 


20 Pimm Fox discovers a univer- 
sal problem on par with death 
and taxes: lost data. But it’s 
most painful to those in the 
financial industry, who face 
new rules to keep track of all 
their messaging systems. 


Thornton May identifies the 
real IT credibility problem. 
It’s not with IT managers; it’s 
with users who don’t know 
what they don’t know. 


37 Nicholas Petreley wonders 
what might happen in a soft- 
ware World Series. 


46 Bart Perkins warns IT man- 
agers to do their homework 
before leaping into outsourc- 
ing contracts. 


54 Frankly Speaking: Frank 
Hayes says you should stop 
what you’re doing and go 
patch your sendmail servers. 
Now. What are you waiting 
for? Do it. 
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SCO Sues IBM 
For $1B Over Unix 


The SCO Group filed a lawsuit in a 
Utah state court charging IBM 
with breaching a Unix license 
agreement and stealing trade se- 
crets. Lindon, Utah-based SCO, 
which owns the source code for 
Unix, claimed that IBM is iliegally 
using Unix features as part of its 
Linux services business. SCO is 
seeking damages of at least 

$1 billion and threatening to re- 
voke IBM’s Unix license. An IBM 
spokesman said the suit “is full of 
bare allegations and no facts.” 


IBM Builds Data 
Workload Tools 


In other IBM news, the company 
announced three tools designed 
to let systems automatically shift 
computing resources to meet in- 
creases in data processing de- 
mands. The new tools initially will 
work with the latest versions of 
IBM’s DB2 database and Web- 
Sphere application server soft- 
ware. IBM said its IT services unit 
also plans to use the technology 
as part of its offerings. 


SAP Late With Apps 
For Small Business 


SAP AG added five industry-spe- 
cific versions of business applica- 
tions it has tailored for small and 
midsize companies. But the com- 
pany confirmed that a planned 
U.S. rollout of general-purpose 
applications for those users has 
been delayed. SAP said it expects 
the mySAP Business One soft- 
ware, which had been due late 
last year, to be ready within the 
next few months. 


Short Takes 


MICROSOFT CORP. released a 
beta-test version of a corporate 
instant messaging and real-time 
collaboration tool, code-named 
Greenwich. . .. GROOVE NET- 
WORKS INC., a software vendor in 
Beverly, Mass., said it received 
$38 million in new financing but 
laid off 20% of its workers. 
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| BY JAIKUMAR VIJAYAN 

| CHICAGO 

| Integration of back-end and 
plant-floor applications, as 
well as projects that build bet- 
ter links with suppliers and 

| customers, is where many 
manufacturing companies will 
focus their IT spending this 


| year. 


Despite the ongoing reces- 


| sion, most manufacturers ex- 


pect their IT spending to in- 
crease modestly this year, ac- 
cording to the results of a sur- 
vey released by the National 
Association of Manufacturers 
(NAM) at last week’s National 
Manufacturing Week trade 
show here. 


manufacturers surveyed said 


| they expect IT budgets to 


grow by up to 5% over last 
year. Another 8% said their IT 


BY CAROL SLIWA 
Microsoft Corp. today will be- 
gin distributing a beta evalua- 
tion kit of its newly named 
Office System product set, 
which includes two new addi- 
tions to the family. 

One new offering, called 
InfoPath, allows users to cre- 
ate and complete XML-based 
forms and submit them to 
| XML-enabled systems. The 
other, OneNote, is a digital 
note-taking application that 
can be used on a laptop, desk- 
top or Tablet PC. 

The beta evaluation kit also 
includes the five products that 
are part of the Office 2003 
suite: Word, Excel, Outlook, 
PowerPoint and Access. 

Also shipping with the kit 





Nearly 70% of the 300 main- | 
| ly small and medium-size 


| spending is expected to grow 
between 5% and 10%. 

Most of the spending will be 
directed at improving cus- 
tomer linkages as well as 
plant-floor and supply chain 
efficiencies, said Jerry Jasi- 
nowski, president of the 


| Washington-based NAM. 


Additionally, a lot of the re- 
sources that manufacturing 
companies acquired to deal 
with the Y2k rollover are 
rapidly becoming obsolete and 
due for revamps this year, Jasi- 
nowski said. 


On Hold 


| “We were really on hold last 


year. But this year, we are ex- 
pecting at least a 5% increase 

| in IT spending,” said Tony 

| Raimondo, CEO of Behlen 
Manufacturing Co., a supplier 
| of building material in Colum- 
| bus, Neb. One of the bigger 





Microsoft Expands Its 
Office Family by Two 


are the FrontPage Web-site 
creation and management 
tool; the Office Publisher 
product, which aims to help 
users create marketing materi- 
als; Windows SharePoint Ser- 
vices, an engine for creating 
Web sites that enable informa- 


Microsoft 
Office System 
INFOPATH: Application that al- 
lows users to create and com- 


plete XML-based forms and sub- 
mit them to XML-enabled sys- 


ONENOTE: Digital note-taking 
product intended to help users 
organize and search their notes. 











‘Manufacturing Firms Expect 
Modest IT Budget Increases 


| 7 . . . . 
| Emphasis is on integration, supply 
chain and customer-facing projects 


Expect to 
spend less 
than last 
year. 


Expect IT spending 
to increase 
up to 5%. 


Expect 

more than 
15% growth 

in IT spending. 
NOTE: Numbers 
do not add up to 
100% due to 
rounding. 


—_——e 
Expect 
increases of 
5.1% to 10%. 


3% Expect 

spending to grow 

by 10.1% to 15%, 
projects being implemented 
by Behlen this year is a bar- 
code system that will allow 
the collection of real-time data 
on products being assembled 
on the shop floor. Such proj- 
ects are “key to unlocking pro- 
ductivity gains,” he said. 

“A down economy is the 
perfect time to invest,” said 
David Krauthamer, director of 
information systems at Ad- 


tion sharing and document 
collaboration; and SharePoint 
Portal Server 2.0, which inte- 
grates information from vari- 
ous systems through single 
sign-on and enterprise appli- 
cation integration capabilities. 
Dan Leach, a lead product 

manager in Microsoft’s infor- 
mation worker product man- 
agement group, said the set of 
products is now referred to as 


| the Microsoft Office System to 


reflect the comprehensive set 
of productivity applications, 
servers and services designed 
to connect people and organi- 
zations to their information 
and back-end systems. 

This is the second beta of 


| Office System, and Leach said 


it will be the final one, though 
there potentially could be “re- 
lease candidates” before the 
final release of the product set 
this summer. 

New features that weren’t 
part of the first beta, which 


IATION OF MANUFACTURERS, WA 
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vanced Fibre Communications 
Inc., a manufacturer of tele- 
communications equipment in 
Petaluma, Calif. “My budget is 
up, particularly capital. We’re 
spending money on customer 
collaboration, demand plan- 
ning, portfolio management 
and a human resources [sys- 
tem],” said Krauthamer. The 
company is also implementing 
a project to significantly reduce 
the amount of fiber it has to 
run for data communications. 

Others, such as IMC Global, 
a $2 billion Lake Forest, IIl.- 
based manufacturer of phos- 
phates, expect capital expen- 
ditures to remain flat com- 
pared with last year. Even so, 
projects that help IMC reach 
out to customers and suppli- 
ers in a more efficient manner 
will receive priority, said Doug 
Pertz, CEO of the company. 

Such plans come at a time 
when three-fourths of NAM 
members say U.S manufactur- 
ing is in crisis. Rising operat- 
ing costs in an environment 
where growth and export sales 
are stalled are the causes, ac- 
cording to Jasinowski. 

“These are certainly the 
most uncertain times for man- 
ufacturing in modern econom- 
ic history,” he said. D 


was released in October, in- 
clude junk-mail filtering and a 
business contact manager in 
Outlook 2003, as well as infor- 
mation rights management 
(IRM) capabilities that enable 
users to control access to doc- 
uments they create with Of- 
fice products, Leach said. 

Recipients of protected doc- 
uments will need client soft- 
ware enabled with Microsoft’s 
IRM viewing capability in or- 
der to open them, Leach said. 
Other major changes in the 
new version of Office include 
support for XML and Web ser- 
vices, he said. 

Microsoft Office System 
pricing has yet to be an- 
nounced. Microsoft first post- 
ed the second beta of Office 
2003 to its developer network 
site last month, only to pull 
the software a few hours later, 
claiming that the product 
wasn’t ready and that the post- 
ing was inadvertent. D 
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States Rush to Pass 
Laws to Fight Spam 


Congress urged to preempt states by 
adopting a national antispam rule 





BY PATRICK THIBODEAU 
WASHINGTON 
Y THE END of this 
year, all 50 states may 
have antispam laws, 
and Congress could 
also act to adopt a national 
law. Lawmakers have never 
been under greater pressure 
to take action to fight spam. 
But there’s little hope that leg- 
islation will bring IT man- 
agers much relief. 

So far, 26 states have adopt- 
ed spam laws that do things 
such as making forged address 
headers illegal. Other laws re- 
quire that “ADV,” short for ad- 
vertisement, be included in 
the subject line of unsolicited 
commercial e-mail. 

Emily Hackett, state policy 
director of the Internet Al- 
liance in Washington, which 
represents some large Internet 
service providers, said states 
without an antispam law will 
soon have one. “There isn’t 
any opposition to it,” she said. 


Marketing Troubled 

But the state bills are trou- 
bling for the marketing indus- 
try. Some allow lawsuits 
against spammers that violate 
posted policies, which scares 
companies that use unsolicit- 
ed e-mail to prospect for cus- 
tomers. There are also states 
eyeing a “do-not-spam” list 
similar to do-not-call telemar- 
keting lists. 

Congress is being pushed to 
act, in part to preempt state 
laws with a national one. The 
Direct Marketing Association 
(DMA) in New York, long an 
opponent of any spam regula- 
tion, is now backing a federal 
law to end the hodgepodge of 
state laws. No bills have been 
introduced yet, but that’s ex- 
pected to change. 

“It’s very difficult to keep 
track of varying state laws,” 





| 
| 
| 


said Louis Mastria, a DMA 
spokesman, who added that 
state laws are ineffective be- 
cause a marketer 
doesn’t necessarily 
know the physical 
address of a person 
being solicited. 
The state laws “set 
up legitimate 
e-mail marketers 
for a black eye,” he said. | 
Another major proponent of | 
action is Microsoft Corp., | 
| 


at our Web site: 


which last month ran ads in 
newspapers saying that “new, 


| 
NEW TOOLS 
Corporate options for fighting 
spam are growing. Read more 


© QuickLink 36877 
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strong laws are needed” to 
combat spam. The USS. Feder- 
al Trade Commission is plan- 
ning a three-day forum on 
spam next month, an event 
that’s seen as a pivotal gather- 
ing of all sides in the debate. 
The success of 
any legislation will 
depend on en- 
forcement, said 
Michael Redman, 
information sys- 
tems director at 
Nicholson Manu- 
facturing Co. in Seattle. Wash- 
ington has an antispam law, 
but Redman said he’s seen lit- 
tle impact from it. “There is a 
substantial amount of legisla- 


CRM Projects Continue to 
Inspire Caution, Users Say 


Fearing failure, 
companies roll out 
software slowly 


BY MARC L. SONGINI 

CHICAGO 

Despite several years of tech- 
nology evolution, rollouts of 
customer relationship man- 
agement (CRM) software still 
pose challenges that are caus- 
ing many companies to pro- 
ceed with caution. 

Corporate IT managers con- | 
tinue to face considerable pit- 
falls on CRM installations, ac- 
cording to Scott Nelson, a 
Gartner Inc. analyst who 
spoke at the consulting firm’s 
CRM Summit Spring 2003 
conference here last week. 
Nelson said Gartner last year 
surveyed hundreds of compa- 
nies that have installed CRM 
applications, and about 55% of 
the respondents characterized 
their rollouts as failures. 

Several conference atten- 
dees acknowledged that adop- 
tion of CRM tools by end 
users can be very slow. Many 





| users are interested in CRM 


capabilities, but the technolo- 


| gy “causes fear,” said Shawn 


Kaplan, director of marketing 
and business development at 
New York-based financial data 
provider Reuters America Inc. 
Reuters has rolled out 
Siebel Systems Inc.’s CRM ap- 
plications internally and is 
now looking to 
provide CRM 
functionality to 
financial advisers 
who use Reuters 
data. But if CRM 
tools are provid- 
ed as stand-alone 
applications, 
many users aren’t 
going to bother 
to launch them 
Kaplan said. 
With that in 
mind, he added, 
Reuters plans to use Web ser- 
vices integration technology 
developed by CRM vendor 
Onyx Software Corp. in Belle- 
vue, Wash., to develop cus- 
tomizable application screens 
that present CRM capabilities 


| said. “If it’s 
| enforced, it doesn’t do us any 
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tion out there already,” he 
ignored and not 


good.” 

There is much skepticism 
that new laws will curb spam, 
because finding the most 
egregious spammers is diffi- 
cult. “People are setting up 


| dummy corporations and fly- 


by-night operations,” said 
Stephen Winkelman, an Inter- 
net attorney at Fennemore 
Craig PC in Phoenix. 
Accompanying the push for 
laws are efforts to create stan- 


| dards for regulating e-mail. 


The ePrivacy Group in 
Philadelphia is developing 
open-standards, machine- 
readable technology that sets 
minimum principles for en- 
suring that an Internet service 
provider doesn’t filter a digi- 
tally signed message from a 
business. 

Filtering sometimes screens 
out too much information, 


alongside its financial data. 
That way, financial advisers 
won't even know they’re using 
the technology, Kaplan said. 

Fairchild Semiconductor In- 
ternational Inc. is using a bot- 
tom-up strategy on its CRM 
project by getting feedback 
from end users after each roll- 
out of a tool, said Phaedra 
Bond, lead strategist for sales 
and marketing at the South 
Portland, Maine-based maker 
of electronics products. 

Even so, the company is 
moving slowly. 

Fairchild began 
rolling out Peo- 
pleSoft Inc.’s 
sales force au- 
tomation soft- 
ware early last 
year. More than 
350 end users are 
live on the soft- 
ware now, but 
Bond said it’s ex- 
pected to take up 
to three years to 
complete the 
project. “We’re taking a sniper 
vs. a shotgun approach,” she 
explained. 

The company also is using a 
combination of techniques to 
encourage use of the software, 
Bond noted. On one hand, it’s 





| protocol,” 


Canning Spam 


| said Vincent Schiavone, the 


company’s president. “We 
don’t see a way where you can 
fix e-mail with the current 

he said. D 


giving sales workers some 


| flexibility in the way they use 


the CRM tools after a mini- 
mum amount of required cus- 
tomer data is entered into the 


| system. But use of the soft- 

| ware is being tracked and is 

| required for compensation. If 
| companies treat CRM projects 


solely “as a technical imple- 


| mentation, you’re going to 
| fail,” 


| Starting Small 

| Because of management con- 
| cerns about the challenges of 
| implementing CRM software, 
| American Trans Air Inc. 


Bond warned. 


(ATA) also started small, ac- 
cording to Robert Ellison, di- 
rector of e-business and net- 
work services at the Indi- 
anapolis-based airline. 

Since July, ATA has been 
rolling out a set of data ware- 


| housing and CRM analytics 
| tools developed by NCR 


Corp.'s Teradata division for 


| use in such areas as managing 


e-mail marketing campaigns 
for its frequent-flier program. 

But the Teradata software is 
still being used by only about 
10 end users, Ellison said. “We 
have been taking baby steps,” 
he noted. “In fact, it was prob- 
ably more like a crawl.” D 
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Bug Disclosure, Fix 
Process Improving 


Sendmail episode shows progress made 


BY JAIKUMAR VIJAYAN 
EVERAL USERS wel- 
comed the growing 
willingness of ven- 
dors and security re- 
searchers to work together to 
identify and fix software vul- 
nerabilities in the wake of last 
week’s disclosure of a 
major hole in a widely 
used e-mail protocol. 
But they also ex- 
pressed concern over the 
practice by some in the 
security community to release 
vulnerability information to 
certain users before making it 
available to the public. 
Atlanta-based security ven- 
dor Internet Security Systems 
Inc. (ISS) and Emeryville, 
Calif.-based Sendmail Inc. last 
week disclosed the existence 


| 
| 
| 
| 
| 
| 
| 
| 
| 


of a major buffer-overflow 


| vulnerability in the sendmail 


mail-transfer agent, which 
handles more than 50% of all 
Internet e-mail traffic. 

ISS, which first discovered 


| the hole in early December, 


said it began in mid-January to 
work closely with the 
National Infrastruc- 
ture Protection Cen- 
ter — now part of the 
U.S. Department of Homeland 


| Security — to warn govern- 
| ment and military agencies of 
| the flaw. 


The sendmail incident ex- 


| emplified a welcome change 

| in attitude relating to vulnera- 
| bility discovery, disclosure 

| and response, users said. 


“The security community is 


| becoming more responsible 


SANS Institute Lauds 
Microsoft Security Efforts 


atch automation, 
security tests cited 


BY JAIKUMAR VIJAYAN 
Microsoft Corp., long at the re- 
ceiving end of widespread user 
criticism for buggy products, 
last week received a rare pat on 
the back for its security efforts 
from the SANS Institute. 

SANS, a research organiza- 
tion for systems administra- 
tors and security managers 
in Bethesda, Md., gave Micro- 
soft awards for demonstrating 
leadership in three security 
categories at the Fifth Nation- 
al Information Assurance 
Leadership Conference in 
San Diego. 

The company won awards 
for leadership in providing au- 
tomated security updates; pro- 
viding security training for 
software developers; and pro- 
viding testing software for 


| Pack 3 and above. 


| gram for software 
| developers earned 
| the company its 


| security vulnerabilities. 


Microsoft's award in the au- 
tomated updates category — 


| which it shared with Linux 
| supplier Red Hat Inc. — was 


in recognition of the automat- 
ed patching service for Win- 

dows XP and Win- 
dows 2000 Service 


Microsoft’s secu- 
rity training pro- 


second award, 
while its extensive 
automation of its 
software testing process 
snagged the third one. 

The awards were based 
on criteria and feedback from 
security administrators at 15 
large institutions that SANS 
works with on a daily basis, 
said Alan Paller, director of re- 
search at SANS. Many of those 


GR Microsoft 
and ‘secu- 


rity’ in the same 
sentence is usu- 
ally a joke. 


Se eeeeesececeesessseesoss 


MATT KESNER, CTO 
FENWICK & WEST 


| and is making better decisions 

| with regard to when they 

| should disclose a vulnerabil- 

| ity,” said Mike Tindor, vice 

| president of network opera- 

| tions at First USA Inc., an 

| Internet service provider in 

| St. Clairsville, Ohio. 

| There is a growing realiza- 
tion that “making a vulnerabil- 

| ity public without a fix is not 

| in the industry’s best interest,” 
said Anthony DeVoto, a Win- 

| dows NT administrator at Vol- 

| vo Finance North America 

| Inc. in Montvale, N.J. 

| “It’s kind of like a car com- 

| pany coming out on the 6 

| o'clock news and saying your 

| car is going to blow up and 

| they don’t know how to fix it,” 

| said David Krauthamer, direc- 

| tor of information systems at 

| Advanced Fibre Communica- 

| tions Inc., a Petaluma, Calif.- 


| who participated in the deci- 

| sion process were administra- 

| tors working in organizations 

with more than 10,000 sys- 

| tems, Paller said. 

| “The idea of illuminating 

| vendors who are doing things 

| that are industry-leading 
grew out of a series of meet- 

| ings with users who were 

| complaining about vendors 

| making security hard [to 

implement],” 

Paller said. 

Word of 
Microsoft’s 
awards was 
greeted with 
mixed feelings. 

“ ‘Microsoft’ 
and ‘security’ in 
the same sen- 
tence is usually a 
| joke,” said Matt Kesner, chief 

technology officer at Fenwick 
& West LLP, a Mountain View, 
Calif.-based law firm. “I give 
them a lot of credit for making 
security a higher priority, but I 
would like to see a lot better 
fundamental design from 
them before I start handing 


| dors, which continue to come 


| hosting provider. 


| out any awards,” Kesner said. 





| Paul Schmehl, adjunct infor- 
| mation security officer at The 





It’s kind of 
like a car com- 


pany ... saying your 
car is going to blow 
up and you don’t 


DAVID KRAUTHAMER, DIRECTOR 
OF INFORMATION SYSTEMS, 
ADVANCED FIBRE COMMUNICATIONS 


based manufacturer of tele- 
communications equipment. 
“I think the software and secu- | 
rity industry has matured to 
the point where it is unaccept- 
able to put customers in a po- 
sition of such vulnerability,” 
he added. 

Meanwhile, software ven- 


under heavy criticism for de- 
veloping buggy products, are 
getting “a little bit better” at 
disclosing and responding to 
bug reports, said Edward York, 
chief technology officer at 724 
Inc., a Lampoc, Calif.-based 


Groups such as the Organi- 


“I think Microsoft has made 
great strides in security,” said 


University of Texas at Dallas. 
“They are ahead of some of 
the Unixes and at least on par 
with some others, [but] they 
still have a long way to go,” 
he said. 

The awards demonstrate 
the importance of looking at 
factors other than just total 
bug count when evaluating a 
vendor’s security practices, 
said Pete Lindstrom, an ana- 
lyst at Spire Security LLC in 
Malvern, Pa. 

“Counting the number of 
identified vulnerabilities 
alone is completely without 
merit,” Lindstrom said. It’s 
also important to gather infor- 
mation on factors such as a 
vendor’s training practices, 
development processes and 
bug tracking methods, he said. 

“Sometimes,” Lindstrom 
said, “Microsoft gets a bum 
rap just because they are who 





they are.” D 


www.computerworld.com 


zation for Internet Safety are 
trying to propose standard 
guidelines for reporting and 
responding to vulnerability 
information. And several secu- 
rity companies have voluntar- 
ily adopted policies governing 
the release of vulnerability 
information. 

“The processes surrounding 
vulnerability disclosure have 
changed significantly during 
the past few years for the 
community as a whole,” said 
Thor Larholm, a security re- 
searcher at PivX Solutions 
LLC, a network security con- 
sultancy in Newport Beach, 
Calif. Instead of making ad 
hoc disclosures, PivX has a 30- 
day grace period for vendors 
to fix a problem before the 
public is made aware of it. 


Questionable Practices 
Despite such progress, other 
issues remain, users said. 

For instance, ISS’s decision 
to prenotify several govern- 
ment and military agencies of 
the problem is understandable 
given today’s heightened secu- 
rity concerns, users said. But it 
highlights a practice that can 
encourage “information segre- 
gation and concealment,” said 
Paul Schmehl, adjunct infor- 
mation security officer at The 
University of Texas at Dallas. 

Many security organizations 
— including the CERT Coor- 
dination Center at Carnegie 
Mellon University in Pitts- 
burgh and ISS — routinely sell 
advance vulnerability infor- 
mation to paying subscribers. 
Strict nondisclosure agree- 
ments govern such prenotifi- 
cations, said Dan Ingevaldson, 
a security researcher at ISS. 

But “safe practice is that 
only the vendor should be no- 
tified [of a flaw] so they can 
test it and create a patch. Only 
then should the information 
be made available to anyone 
else,” said York. D 


MORE ONLINE 


A hacker site posted sendmail exploit code 
less than 24 hours after public disclosure of 
the vulnerability: 


QuickLink a2950 


ISS also reported a Snort vulnerability 
last week: 


QuickLink a2960 
www.computerworld.com 





If you’re busy monitori 
who's watching yo 


The new HP ProLiant DL740 
8-way with hot-plug 
RAID memory. 


- Ultradense 4u modular chassis 
with up to eight Intel® Xeon™ MP 
1.5 GHz or 2.0 GHz processors 

- Up to 64GB addressable memory 

- Groundbreaking F8 chipset 

- 6-64 bit/100 MHz PCI-X slots 

- Integrated Lights-Out Standard 
(iLO) for Remote Server Mgmt 


The new HP ProLiant DL760 
G2 8-way with hot-plug 
RAID memory. 


- Up to eight Intel” Xeon™ MP 
1.5 GHz or 2.0 GHz processors 
- Up to 64GB addressable memory 
- Groundbreaking F8 chipset 
- 10-64 bit/100 MHz PCI-X 
1-64 bit 33 MHz slots 
- Remote Insight Lights-Out Edition II 
(optional) for Remote Server Mgmt 


What challenges do you face today? Decreasing budgets? The 
lurking possibility of downtime? It’s hard enough to focus on 
moving your business forward when you're constantly | 

over your shoulder to see if everything is up and running 


Besides, that’s the job of the new HP Proliant DL700 series 
running Intel® Xeon™ MP processors. An adaptive infrastructure 
begins with these HP ProLiant servers which come equipped 
with tools that predict, self-diagnose and fix many fault 
conditions. And now with hot-plug RAID memory exclusively 
from HP. you can add or replace DIMMs without turning 
your systems off. Both work with the HP ProLiant Essentials 
Foundation Pack featuring Insight Manager 7 software which 


monitors and controls your infrastructure for maximum uptime 


At the end of the day, you'll have more ol over you 
infrastructure, help avoid unplanned downtime and reduce 
overall maintenance costs. Not to mention free’ ng yourself 
up for more important things 


To learn how HP Proliant servers can be a 
part of maximizing your company’s uptime, 
download CMP’s executive brief on high availability 
at www.hp.com/go/proliant85 or call 
1-800-282-6672, option 5, and mention code YPH. 


'@ | 
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Airlines Agree to 
Sell Worldspan 


Worldspan LP, which runs a com- | 


puterized reservations system, 
said its airline owners have 
agreed to sell it to two investment 
firms. American Airlines Inc., 
Delta Air Lines Inc. and North- 
west Airlines Inc. will sell 
Worldspan to a new company set 
up by Citigroup Venture Capital 
Equity Partners LP in New York 
and Teachers’ Merchant Bank 

in Toronto. 


Microsoft Signs App 
Lease Services Deal 


Microsoft Corp.'s IT financing unit 
announced a deal to offload lease 
contract management services 
for users of its business applica- 
tions to another company. The 
leasing functions will now be han- 
died by De Lage Landen Financial 
Services Inc. in Wayne, Pa. The 
Microsoft Capital Corp. unit said 
it will continue to offer financing 
to corporate users and to small or 
midsize companies. 


Peregrine Lowers 
Revenue by $509M 


Peregrine Systems Inc. restated 
its financial results for the three 
fiscal years from April 1999 to 
March 2002, chopping the rev- 
enue it had reported by $509 mil- 
lion. That reduced the original 


three-year total of $1.34 billion by | 


38%. Peregrine, a San Diego- 
based vendor of asset manage- 
ment software, said about $259 
million was “reversed for nonsub- 
stantiated transactions.” 


Short Takes 


INTEL CORP. this week plans to 
launch a new foray into the note- 
book PC market by announcing 
six mobile processors under the 
name Pentium M. . . . SUN Mi- 
CROSYSTEMS INC. said an open- 
source group that’s developing 
its JXTA peer-to-peer computing 
software has released an 
upgrade. 


NEWS 


MARK HALL ® ON THE MARK 


Vendors Scramble to Fill 
Web Services Hole ... 


... in application management, which could pose a serious problem to 
companies rolling out Web services-based software. Oded Noy, CTO 
at Path Communications Inc. in Marina Del Rey, Calif., worries “that 
all the coding errors we used to catch at compile time, we’re now 
going to catch at runtime in Web services.” Hewlett-Packard’s Open- 
View group has addressed the issue by launching its Web Services 


Management Organization. According to 
its CTO, Al Smith, the move is both defen- 
sive and offensive. In the former category, 
HP sees companies such as Path poten- 
tially stealing away OpenView business. 
And Smith points to recent venture capi- 
tal investments in Web services manage- 
ment start-ups such as AmberPoint Inc. 
in Oakland, Calif., and Flamenco Net- 


Until then, developers of Web services 
will have to do the work themselves to man- 


| age applications for things such as au- 


thentication, performance and service- 
level agreements. If they think of them 
at all. “Management is not something de- 
velopers think of. It’s an afterthought 
when people write apps,” Smith laments. 
= That’s why you don’t need a developer 





works Inc. in Alpharetta, Ga., 
that this will be a hot, 
competitive market. (Of 
course, venture capitalists 
also showed their genius by 
pouring millions into Pets.- 
com and Webvan.) In the 
offensive category, he 
claims, “we can extend 
the definition of what is 
management.” Smith 
thinks the lack of Web 
services management 
standards and tools has 
dampened its adoption 
rate among users, The 
lack of management stan- 
dards for Web services is 
finally being addressed 
(see story below), but the 
standards committee will 
probably take a year to 
complete its first draft. 


| BY MATT HAMBLEN 


More than a dozen IT vendors 
last week said they plan to 


work together to develop a 


standard way to manage Web 
services technologies used in 
distributed applications. 

The list of participating 
companies includes systems 
vendors, such as IBM, Hew- 


| lett-Packard Co. and Sun Mi- 


crosystems Inc., plus develop- 
ers of management tools, such 
as BMC Software Inc., Com- 


as proof | 


Storage management gets a 
MS Cle ALC eats 

msn RUT 
release of its active storage 
management product, Astrum 
1.5. The new version includes 
support for Microsoft Ex- 
Cirle Wael O Mes Leyte hom 
PACES oe UURePe Lng 
German and French versions of 
Unix and Windows. 


PY ET er Merl eee ae) 
this week that it has landed a 
GCE B Mur larte em eRe rele Mul elt) 
toring of the world’s largest 
SCORER ROLL 
ert eee Te 


Web Services Management Standard Sought 


to deploy the latest version of the Path 


Application Manager, or 
P.A.M. 3.5, which ships 
today. According to 
Path’s Noy, sysadmins 
can do it after an appli- 
cation is in production. 
He claims P.A.M. 3.5’s 
software behavior- 
recognition features 
should catch many man- 
agement problems in 
Web services and other 
applications. Among the 
new features in P.A.M. 
3.5 are controls that can 
identify time-of-day, time- 
of-month and time-of-year 
fluctuations in any pro- 
gram. ® Once those Web 
services get written and 
widely deployed — man- 
aged or otherwise — few 
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people have the slighest clue about how 
they will affect network performance. 
The engineers at Redline Networks Inc. 
in Campbell, Calif., have readied for de- 
livery this week the E/X 3250 Enterprise 
Accelerator that adds compression, load 
balancing and security for Web servers and in- 
side the firewall. CEO Roy Johnson argues 
that some Web services-based applica- 
tions will require very large data struc- 
tures or interaction among lots of differ- 
ent Web services, putting extra loads on 
Web servers and killing their perfor- 
mance — hence the 3250. Redline Vice 
President of Engineering Bill Crane 
boasts that the 3250’s protocol scrubbing 
and Secure Sockets Layer certificates for 
road warriors improves security by protect- 
ing Web servers from buffer overflows and 
unauthorized users. # OpenVMS users 
cheered when HP said it had an 11-year life 
plan for the venerable operating system. And 
on March 18, they can let loose a small 
whoop for the general availability of Ver- 
sion 6.2 of SightLine OpenVMS Power 
Agent from Fortel Inc. in Fremont, Calif. 
The performance monitoring and report- 
ing tool will be able to handle OpenVMS 
clusters and distinguish among opera- 


| tional differences during different work- 


ing hours. # Whatever your views on the 
looming war with Iraq, Ivan Eland, direc- 
tor of the newly created Center for Peace 
and Liberty at The Independent Institute 
think tank in Oakland, suggests that IT 
may be at the center of an Iraqi war strategy 
because Saddam Hussein learned from 
Vietnam, Lebanon and Somalia that “the 
Achilles’ heel of the American military 
juggernaut is U.S. public opinion.” Cyber- 
attacks would be a likely way to under- 
mine wavering U.S. support for the war. 
He adds, “It is difficult to say how suc- 
cessful the Iraqis would be, but they have 
had more than a year of U.S. blustering 
to put a plan into action.” So, take a little 
extra time this week to secure your 
systems. D 

Services Distributed Manage- 
ment (WSDM) technical com- 
mittee it’s setting up will work 


| toa statement by the Organi- 





puter Associates International | 
Inc. and Novell Inc., according 


zation for the Advancement of 
Structured Information Stan- 
dards (OASIS) consortium in 
Billerica, Mass. 

Microsoft Corp. wasn’t on 
the list. A Microsoft official 
said Web services manage- 
ment is an important topic but 
added that the company has 
decided not to join the OASIS 
effort at this point. 





“Simply put, management is 
the next major barrier to main- 
stream Web services adoption,” 
said HP CEO Carly Fiorina dur- 
ing a speech at BEA Systems 
Inc.’s eWorld conference in Or- 
lando. Fiorina also said HP has 
added Web services manage- 
ment tools to its OpenView 
software and created deploy- 
ment and management con- 
sulting programs for Java-based 
Web services applications. 

OASIS said the new Web 





with other standards bodies, 
including the World Wide 
Web Consortium and Distrib- 
uted Management Task Force 
Inc. in Portland, Ore. 

Jason Bloomberg, an analyst 
at ZapThink LLC in Waltham, 
Mass., said the WSDM com- 
mittee might be able to pro- 
duce a standard within a year. 
Microsoft’s absence isn’t that 
significant for now, since it 
could adopt the standard once 
it’s published, he said. D 
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MAKE SURE YOU 
KNOW THE DIFFERENCE 
BEFORE YOU DIVE IN. 


Everybody seems to be jumping into integration these 
days, but it takes a deep integration solution to deliver 
the true benefits of a real-time business. That's what 
TIBCO Software delivers with The Power of Now.” 


The Power of Now. It’s the transformation of your company 
into a real-time business. It unifies and optimizes the assets 
you already have—your people, systems and processes—to 
coordinate end-to-end activities and get information where 
and when it’s needed. it’s a business operating at its peak 


efficiency, and generating immediate and measurable results. 


Real-time Results. When TIBCO integrated the disk drive giant 
Seagate with its partners and customers, the resulting system 
delivered superior customer service and enabled the company 
to bring its products to market faster. And when TIBCO created 
adidas-Salomon’s real-time supply chain, it resulted in faster 
time to market and higher revenues for the sporting goods 
marketer. That's The Power of Now. 


Learn how our deep integration has enabled 
real-time business for other Global 2000 

companies. Call 800-420-8450, or visit us at 
www.tibco.com/cwa to obtain your Executive 
Guide to Real-Time Business, the first step 


toward the Power of Now. 
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EMC, Hitachi End 
Patent Dispute 


EMC Corp. and Hitachi Ltd. 
agreed to settle dueling patent- 
infringement claims related to 
storage technology. Hitachi will 
make unspecified “balancing 
payments” to EMC as part of 

a patent cross-licensing deal, 
the companies said. They also 
agreed on a framework for ex- 
changing application program- 
ming interfaces (API), and EMC 
announced a similar API deal 
with Veritas Software Corp. in 
Mountain View, Calif. 


3Com Sells Off 
Carrier Products 


3Com Corp. announced a deal to 
sell the key assets of its Comm- 
Works business unit to UTStar- 
com Inc. in Alameda, Calif., for 
$100 million in cash. Comm- 
Works makes IP-based network- 
ing equipment for telecommuni- 
cations carriers. Santa Clara, 
Calif.-based 3Com said it will re- 
tain a license to the technology. 


Palm Says Sales 
Will Miss Target 


Blaming weak sales of its hand- 
held devices to corporate users, 
Palm Inc. warned that it will 
report lower-than-expected 
revenue for its third quarter, 
which ended Feb. 28. Milpitas, 
Calif.-based Palm said revenue 
will total about $210 million, 
falling short of its $230 million 
to $250 million prediction. Ana- 
lysts recently said the corporate 
market for handhelds has stag- 
nated [QuickLink 36045). 


Short Takes 


IBM recalled about 56,000 PC 
monitors sold in 1997 and 1998 
because of a faulty component 
that could overheat... . San 
Francisco-based MACROMEDIA 
INC. warned of a security flaw in 
Version 6 of its Flash Player soft- 
ware and urged users to insiall 
an updated release. 


| BY MATT HAMBLEN 


T&T CORP. today 
plans to join forces 
with Aventail Corp. 
by announcing a 


| deal to resell that company’s 
| new Secure Sockets Layer 
| (SSL) remote-access 





| devices as part of a 

| managed virtual pri- 
| vate network (VPN) 
| service. 


AT&T said it will charge 


| customers a monthly fee for 
| the SSL VPN service and put 


the tab on one bill along with 
its other network services and 


| connection costs. Seattle- 

| based Aventail will install and 
| service its rack-mountable 
EX-1500 appliance, which is 

| designed to eliminate the 


| Security appliance 
| controls end-user 


BY MATT HAMBLEN 
Funk Software Inc. and Net- 
work Engines Inc. today will 
release a jointly developed se- 
curity appliance for authenti- 
cating remote users connect- 
ing to corporate WANs as well 
as users on wireless LANs. 
Canton, Mass.-based Net- 
work Engines built and will 
| distribute the hardware, which 
| runs remote end-user authen- 
tication and authorization 
software developed by Cam- 
bridge, Mass.-based Funk. 
The combined product is a 
rack-mountable device that 
| runs under Windows 2000 
Professional, according to the 
two companies, which an- 





nounced plans to collaborate 


NETWORK 
es 


NEWS 


| Aventail’s remote-access devices to be 
used to expand networking choices 


| need for end users to install 
| remote-access client software 
| on laptop PCs and other mo- 

bile computing devices. 

The reseller agreement 

| made sense partly because the 
| two companies share many 
global customer ac- 
counts, said John Sul- 
livan, extranet prod- 
uct manager at AT&T. 
Sullivan wouldn't di- 
| vulge the pricing for the new 
| VPN service, which is due to 
| be rolled out as early as next 
| month. Aventail set a starting 
| price of $20,000 on the EX- 
| 1500 when the SSL-based ap- 
pliance was announced in 
| January [QuickLink 35527]. 
| Aventail currently offers its 
| own SSL VPN managed ser- 


Vendors Team Up to Develop 
Remote-Authentication Device 


on the appliance in January. 

Size and ease of deployment 
were the reasons Care New 
England Health System in 
Providence, R.I., deployed an 
early version of the appliance 
last month, said Larry Pesce, a 
LAN/WAN specialist at the 
health care company. 

Thus far, about two dozen 
end users have used the appli- 
ance for network authentica- 
tion over dial-up laptop con- 
nections or to gain access to 
Care New England’s 802.11 
| WLANs, Pesce said. Within 
weeks, the use of the device 
will be scaled up to handle 
| about 1,000 medical personnel 
at three major facilities and 
other locations throughout 
Rhode Island, he added. 

The appliance not only pro- 
vides authentication services 
but also manages the configu- 
ration process, Pesce said. It 





AT&T Launches VPN 
Service Based on SSL 


vice and will continue to do 
so. But Sullivan said the sales 
forces of both companies will 
be able to sell AT&T’s version 
of the managed service, with 
AT&T acting as the first point 
of contact for users. 


Weighing Options 
New York-based Deloitte Con- 
sulting has used Aventail’s SSL 
VPN service for the past two 
years to manage remote access 
to corporate data and e-mail 
systems for 15,000 workers 
worldwide, said CIO Larry 
Quinlan. Currently, the con- 
sulting firm relies mainly on 
WorldCom Inc. to provide re- 
mote-access network services. 
The WorldCom deal, valued 
in the millions of dollars annu- 
ally, will be re-evaluated with- 
in the next 12 months, Quinlan 
said. Deloitte officials “would 





like more integration between 


| would have taken several days 
or weeks to buy server hard- 
ware and configure it, taking 
up valuable time for Care New 
England’s IT staff, he noted. 
But the new appliance “just 
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| remote-access lines and the 


VPN,” he said. But if they con- 
sidered the joint AT&T/Aven- 
tail offering, “we would insist 
on some cost savings” com- 
pared with buying separate 
services, Quinlan added. 

AT&T is already the market 
leader in providing VPN ser- 
vices that support the IPsec 
security protocol, according to 
Framingham, Mass.-based 
IDC. Unlike SSL, IPsec re- 
quires the loading of client 
software on end-user devices. 

Sullivan said AT&T will 
continue to support IPsec in 
addition to offering the new 
SSL VPN service. There’s 
“very little overlap” between 
the users of the two technolo- 
gies, he said. 

Although SSL VPNs are 
increasing in popularity 
among corporate users, the 
demand for IPsec VPN ser- 
vices should continue to show 
some growth in installations 
because that protocol offers 
stronger security algorithms 
than SSL does, said John 
Girard, an analyst at Gartner 
Inc. in Stamford, Conn. D 


worked out of the box, no 
headaches at all,” he said. 

The company bought and 
installed two of the appliances 
for about $30,000, which was 
10% less than regular server 
hardware would have cost, ac- 
cording to Pesce. The appli- 
ance also takes up very little 
space in Care New England’s 
cramped data center, he said. 

Funk competes with major 
vendors such as Cisco Sys- 
tems Inc. and Microsoft Corp., 
which also sell authentication 
tools that support the Internet 
Engineering Task Force’s Re- 
mote Authentication Dial-In 
User Service (RADIUS) proto- 
col. “But Funk often gets in the 
door for ease of use,” said John 
Girard, an analyst at Gartner 
Inc. in Stamford, Conn. 

The market for RADIUS- 
based remote authentication 
products and services is ex- 
panding, Girard said, adding 
that appliances combining 
hardware with software are 
fashionable now, partly be- 
cause they provide all-in-one 
capabilities to users. D 
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strict some of the code ‘sible 
write to BEA’s runtime engine. 

Craig Mapes, vice president 
of information systems and 
services at The Huntington 
National Bank in Columbus, 
Ohio, said his company will 
have to take a “deep dive” to 
see how much of the Web- 
Logic Workshop tool relies on 
nonstandard Java. 

“Is it the silver bullet, or is it 
going to lock us into some- 
thing less open?” he said. “We 
don’t want to be locked into 
anything proprietary. We’ve 
been down that path before.” 

For many users, one of the 
most appealing aspects of 
working in Java has been its 
promise to run on any operat- 


ing system or application serv- | 


er, so long as the code con- 


| go with Microsoft,” 





forms to standards vetted 
through the Java Community 
Process (JCP) established by 
the language’s creator, Sun Mi- 
crosystems Inc. 

“Portability is the whole 
thing about Java to me. If we 
want vendor lock-in, we can 
said Marc 
Cox, a systems analyst at New 
York-based Teachers Insur- 
ance and Annuity Association 
- College Retirement Equities 
Fund. 


The Need for Ease 


But as a result of Java’s grow- 
ing maturity and acceptance, 
IT shops with less skilled de- 
velopers are taking up the 
technology, and that makes 
the need for better tools more 
critical. Also, the knock that 


Java is too complicated has 


become a pressing concern 
for vendors that now must 
compete against Microsoft’s 


eRe een ERROR ET 
Nonstandard Java Technologies in 
BEA’s WebLogic Workshop Tool 


see 


Java Page Flow 


ete tt 


New file format that contains 
the business logic, state and 
navigation flow of a Web appii- 


STATUS ° 


To be submitted to 
Java Community 
Process. 


cation; built upon a Struts- 
based Web application pro- 


gramming model 





Web Services 
Metadata for the 
Java Platform 


Defines an annotated Java for- 
mat that uses Java Language 
Metadata (JSR 175) to enable 
easy definition of Java Web ser- 


JSR 181. Work in 
progress. Expert 
group formed last 
April. 


vices in a J2EE container. 


Process Defin- 
ition for Java 


"Defines an 1 annotated Java syn- 
tax and APIs for programming 
business processes in Java. 


JSR 207. Vote on 
acceptance of 
JSR due March a 





Metadata 
Facility for the 
Java Program- 
ming Language 


Content 

Repository 

for Java 
mentation. 


Portiet 
Specification 


Java Rule 
Engine API 


Specifies a standard API to ac- 
cess content repositories in 
Java 2 independently of imple- 


Defines a set of APIs for portal 

computing addressing the areas 
of aggregation, personalization, 
_ presentation and security. 


Defines a Java runtime API 
for rule engines. 


~ Allows classes, interfaces, fields JSR 175. Work i in 
and methods to be marked as 
having particular attributes. 


progress. Expert 
group formed last 


April. oy 
JSR 170. Expert 


group formed last 
month. 


~ JSR 168. Expert 
group formed last 
month. 


—JSR94.Public 
review period 
recently closed. 
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NOTE: A Java Specification Request (JSR) is the actual description of a proposed and final specification 
for the Java platform under the Java Community Process created by Sun Microsystems Inc. to evolve 


the technology. 
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| said Dietzen 
our APIs into the Java stan- 


| shop that there’s no 
| practical way to 





| vestment can be realized with- | 


year-old .Net technology. 
“We, like our primary com- 
petitors, all have to introduce 
innovations to make the prod- 
ucts easier to use,” said Scott 
Dietzen, chief technology offi- 


| cer at San Jose-based BEA. 


“And some of those are in our 


| classes.’ 


Dietzen said BEA’s key APIs 


| — such as Web Services Meta- 
| data and a Java Rule Engine — 


are already moving through 
the Java’s standards body. Oth- 
ers, such as Java Page Flow 
and Process Definition for 


| Java, are pending. And some 
| minor proprietary pieces may 


never make it to the JCP, he 
added. 

“We take the most critical 
interfaces and get them into 
the standards process because 
that’s where the investment 
protection is most needed,” 

. “Putting 100% of 


dards process is too expensive. 


| It would cost a huge amount of 


money, and the net return to 
customers is very small.” 

So BEA is instead striving to 
give customers “90-plus per- 
cent” investment protection, 
Dietzen said. Customers may 


| have to do “a little bit of re- 


work” to port code to another 


| Java container, but that’s “dra- 
| matically better” than any op- 


tion they ever had, he said. 
However, Mark Driver, an 

analyst at Gartner Inc., 

claimed that there is “so much 





proprietary plumb- 
ing inside of Work- 


port the code to an- 
other vendor’s 
products.” 

Driver said Gartner is advis- 


| ing BEA customers to limit the 


use of Workshop to tactical 
projects where a return on in- 


in two years, since the tool 
will likely change. 

He didn’t fault BEA’s ap- 
proach, and he praised the 
company’s efforts to standard- 
ize its technology. “Any ven- 


| dor who wants to innovate is 


going to have to become more 
proprietary, at least for a peri- 


catch up,” Driver said. 
But as several users pointed 


| od of time until the standards | 
| 


ONE ON ONE 


Computerworld interviews 
BEA CEO Alfred Chuang 


@ QuickLink 36823 
www.computerworld.com 


BEA Executives Provide Glimpse 
Into Company’s Direction 


BEA Systems will focus on se- 
agement and process-oriented 
programming in future product 
releases, company executives 
said last week. 

Alfred Chuang, CEO of the 
San Jose-based software mak- 
er, told Computerworld that his 
company is building a security 
server. He said it will be sold as 
a separate product that can be 
hooked to non-BEA products. 

“If you're not even a Web- 
Logic shop ~ maybe you're a 
mainframe shop - you'll find it 
useful,” Chuang pledged. He 
said he’s not sure when the 
product will be ready for gener- 
al release. 

BEA in February acquired 
CrossLogix Inc., a privately held 


out, there’s no guarantee that 
all of the technology will be- 
come a standard. And even if 
it does, there’s no guarantee 
that it will be adopted by oth- 
er vendors, such as IBM. 
Robert Moffett, systems ar- 


| chitect lead at United Parcel 


Service Inc.’s airlines division 
in Louisville, Ky., is evaluating 
BEA’s WebLogic application 


| server, integration product 


and workflow capabilities 
___ against similar 
rival IBM. 
Moffett said he 


the Workshop tool, 
which works 
across all BEA products. But 
he said he has concerns about 
being restricted to running 
code written with Workshop 


| on only BEA products, espe- 


cially since UPS has standard- 
ized on IBM’s WebSphere por- 
tal software 

“Everyone's going to have to 
take a hard look at how [| Web- 
Logic Workshop] aligns with 
your architectural goals. It’s a 


| very conscious decision you 


products from BEA | 
| Cobol programmers and get 
| them doing something pro- 
likes the concept of | 
| prise Edition] without having 
| to go over that really steep 

| learning curve.” 


taker of enterprise authoriza- 
tion products. The CrossLogix 
technology will be part of 
BEA’s ongoing security work, 
according to Rick Jackson, 
vice president of enterprise 
product marketing at BEA. 

BEA will release an en- 
hanced security framework that 
spans the products in its up- 
coming WebLogic Platform 8.1 
- which include the application, 
portal and integration servers. 
The application server is due 
this spring, with the full plat- 
form to follow this summer. 

- Carol Sliwa 


MORE ONLINE 
For an expanded version of this story, 
visit our Web site: 
QuickLink 36892 
www.computerworid.com 


be identified. He added that 


| he still finds the tool “com- 


pelling.” 
James Kline, a project man- 


| ager at The ServiceMaster Co. 


in Downers Grove, Ill., said he 
expects that most of his com- 


| pany’s new development will 
| be on WebLogic, so portability 
| isn’t a huge concern. 


David Gallaher, director of 
IT development for Jefferson 


| County, Colo., said he needs 
| the tool, which ships this sum- 


mer, “to salvage all my old 


ductive in J2EE [Java 2 Enter- 


Gallaher said that if porting 
is ever needed, he can grab the 


| code created with the tool, 
| copy it and put it anywhere he 


“It’s still Java behind 
the scenes,” he said. Gallaher 
added that he doesn’t expect 
to make calls to many propri- 
etary class libraries. 

“Would I prefer that the tool 
was absolutely open? Abso- 
lutely. Can I live with it this 
way? Yeah,” Gallaher said. “I 


wants 


need to understand that you're 

taking,” said a Web develop- | mean, what’s my alternative? 
ment manager for a medical | Do it in Microsoft, where they 
distributor who asked notto _| control everything?” D 
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system that would provide 
more rapid access to data, but 
it has yet to make any technol- 
ogy choices. 

Top-level corporate execu- 
tives increasingly want to keep 
a close watch on key business- 
performance indicators so they 
can take fast action when nec- 
essary, said Sateesh Lele, chair- 
man of Global Data Systems 
USA, a San Jose-based IT ser- 
vices firm. “In order to do that, 
they need to have summarized, 
synthesized, real-time informa- 
tion,” Lele said. 

For example, if 
there’s a drought 
in the Northeast, 
the use of real- 
time information 
to gauge demand 
for umbrellas 
could help execu- 
tives at an um- 
brella maker do 
“dynamic pricing” in an at- 
tempt to boost sales, said 
Steve Andriole, a consultant at 
Cutter Consortium in Arling- 
ton, Mass., and a professor of 
IT management at Villanova 
University in Pennsylvania. 

There are combinations of 
technologies that can help put 
business performance infor- 
mation in the hands of senior 
management more quickly, in- 
cluding middleware, business 
process integration tools, Web 
services applications and data 
mining tools. But they go only 
so far in speeding up the de- 
livery of data, according to an- 
alysts. For instance, informa- 
tion stored in decision-sup- 
port data marts is often up to a 
month old, Lele said. 


Every 
company 
| know of has to 
deai with the 
fudge factor. 


STEVE ANDRIOLE, CONSUL 
TANT, CUTTER CONSORTIUM 


In addition, many compa- 
nies have rolled out enterprise 
resource planning systems 
that are tied to legacy applica- 


| tions populated with outdated 


information. “You still haven't 
solved your real-time prob- 
lem,” said Andriole, a former 
chief technology officer at 


Cigna Corp. in Philadelphia. 


Some companies have made 
big strides toward achieving 
real-time data availability. At- 
lanta-based Delta Air Lines 
Inc., which has invested $1.5 
billion in its IT infrastructure 


| since 1998, has integrated its 


systems so tightly that there’s 
just a one-second latency in 
exchanging data 
between some of 
its business units, 
said CIO Curtis 
Robb during a 
session at the 
Premier 100 con- 
ference. 

Still, some of 
the challenges 
facing IT man- 


| agers who are trying to install 
| real-time data access capabili- 


ties extend beyond technology 


| to issues such as the quality 

|} and timeliness of information. 
| For instance, Chris McMahan, 
| CIO at Wireless Retail Inc., a 

| Scottsdale, Ariz.-based provid- 
| er of wireless products and 

| services to retailers, said a 


salesman might report that he 


| sold 10 wireless devices in a 
| week when, in fact, he sold 
| eight and has two orders in the 


pipeline. 
“Every company I know of 


| has to deal with the fudge fac- 


tor,” Andriole said. “Some 


| cynics say that real-time re- 


porting is terrible because it 
gives you the ability to make 


| wrong decisions faster.” D 


How to Manage Real-Time Data 
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Inventory Costing Systems Pose Real-Time Data Challenges 


Another problem hampering IT 
managers who are trying to 
make data available to business 
executives on a real-time basis 
is their companies’ reliance on 
legacy accounting systems that 
are centered on so-called stan- 
dard costing metrics. 

Standard costing is an ac- 
counting technique that's widely 
used by manufacturers to predict 
the cost of product inventories 
for a full year based on the 
prices that are in place at the 
end of the previous year. 


But applications that support 
the technique have limits, said 
Ralph Rio, an analyst at ARC Ad- 
visory Group Inc. in Dedham, 
Mass. For example, disk drives 
sold by a vendor may fetch $500 
each at the end of one year ~ a 
price that will be built into the 
standard costing models in its 
accounting system. But if market 
conditions change and prices 
have to be cut sharply, the new 
information typically won't be re- 
flected in the costing models. 

That can be “a major problem” 


: when it comes to using real-time 


information to react to changing 


> market conditions, Rio said. To 


combat such problems, an 
emerging class of applications is 
able to accommodate real-time 
changes in costing data, he said. 

Nevertheless, companies will 
likely have to also retain their 
legacy accounting systems in or- 
der to meet the U.S. Securities 
and Exchange Commission's fi- 
nancial reporting requirements, 
Rio added. 

- Thomas Hoffman 





Utility 


Integration software 


| to support real-time 


data exchanges 
BY THOMAS HOFFMAN 

Southern Co., a $10.55 billion 
utility and energy services 
firm in Atlanta, is in the early 
stages of a multiyear enter- 
prise application integration 
(EAD) effort aimed at bolster- 


| ing revenue and lowering 


costs throughout its extensive 
supply chain operations. 

As part of a project that be- 
gan last year and is due to 


| continue through 2006, South- 


ern is pushing to add real-time 
energy trading capabilities 
and optimize all of its key sup- 
ply chain functions, including 
warehousing and inventory 
and freight management. 

To support the effort, South- 
ern late last year installed 
business process integration 
software developed by Sunny- 
vale, Calif.-based Vitria Tech- 
nology Inc. The details of the 
rollout will be announced this 
week. Southern plans to use 
Vitria’s BusinessWare tools to 
provide real-time exchanges 
of purchasing data between its 
systems and those of its busi- 
ness partners through an ener- 
gy trading network operated 
by Pantellos Group LP in The 





Turns to EAI Tools 
To Revamp Supply Chain 


Woodlands, Texas. 

“We’re trying to manage the 
sourcing process from the raw 
materials phase all the way to 
the disposal of any assets that 
we've acquired,” said Jacki 
Lowe, vice president of supply 
chain management at South- 
ern, which is also using rival 
message-queuing middleware 
tools from IBM and Microsoft 
Corp. as part of the project. 

Lowe said the EAI initiative 
is aimed at providing South- 
ern’s business executives with 
greater visibility into all of its 
supply chain operations. The 
project should also simplify 
some IT functions, she added. 

For instance, Southern’s ac- 


AT A GLANCE 


Southern’s Supply 
Chain Push 


COMPANY FACTS: Sells elec- 
tricity and natural gas to 4 million 
customers in the Southeast; had 
revenue of $10.55B last year 


BUSINESS CHALLENGE: |m- 
proving its supply chain by lower- 
ing costs and providing better re- 
liability to customers 


IT STRATEGY: Embarked ona 
multiyear EAI effort that includes 
the use of Vitria’s business proc- 
ess integration tools and middle- 
ware from IBM and Microsoft 


counting materials and pro- 
curement system links to 75 
different work-order and 
accounting applications 
throughout the company. In 
turn, many of those systems 
are tied to applications at 
Southern’s suppliers and other 
business partners. 

But anytime a change is 
made to one work-order sys- 
tem, follow-on changes have to 
be made to the accounting sys- 
tems to which it’s connected, 
Lowe said. The use of Busi- 
ness Ware should help mini- 
mize the changes “and reduce 
some of our support costs for 
those systems,” she said. 

Lowe declined to disclose 
how much Southern is invest- 
| ing in the EAI project, nor 
would she est:mate the size of 
the payback and efficiency im- 
provements that the company 
expects to gain. 

Zarko Sumic, a Bellevue, 
Wash.-based analyst at Meta 
Group Inc., said a growing 
number of energy companies 
with extensive transmission 
and distribution businesses 
are beginning to understand 
the potential for using EAI 
technology to help make their 
operations more efficient. 

Once BusinessWare is fully 
operational, Southern next 
quarter plans to begin devel- 
oping interfaces to systems at 
some of its energy trading 
partners, Lowe said. The com- 
pany expects to start process- 
ing transactions through the 
| interfaces in June, she added. B 
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Antitrust Suit Widens Cartridge Battle 


BY PATRICK THIBODEAU 
A North Carolina company 


| DMCA'’s circumvention re- 
strictions, and last week he 
sent a letter to House mem- 


Lexmark’s use of the DMCA. 
In its suit, SCC claims that 


companies that remanufacture 
toner cartridges out of the 
market. To buttress that claim, 


the toner cartridges sold for 
use with Hewlett-Packard 


tured, compared with about 
14% for Lexmark’s. 

Roger Rydell, a Lexmark 
spokesman, said the company 
‘provides more choice in car- 
tridges for laser printers” than 


| 
| 
| SCC argued that about 35% of 


| 
that remanufactures toner car- Lexmark’s alleged anticompet- 
tridges has filed an antitrust bers citing his concerns about | itive practices are squeezing 
lawsuit against printer maker - : 

Lexmark International Inc., re : A a . 
broadening a legal fight that 
could affect the availability of 
low-cost cartridges. 

Sanford, N.C.-based Static 
Control Components Inc. 
(SCC) claims that Lexmark is 
trying to monopolize the car- 
tridge market. SCC’s allega- 
tion comes after Lexington, 
Ky.-based Lexmark filed a suit 
in December charging that the 
remanufacturer illegally 
copied some of the chips used 
to mate cartridges to Lex- 
mark’s printers [QuickLink 
36030). 

Lexmark won the first 
round in a Feb. 28 ruling by a 
USS. District Court judge in 
Kentucky. The judge issued a 
preliminary injunction that 
bars SCC from making the 
chips used in replacement car- 
tridges for two of Lexmark’s 
laser printers. SCC filed its 
antitrust claim that same day 
in Greensboro, N.C. 


Co.’s printers are remanufac- | any of its rivals. D 
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Congress Takes Notice 
The legal battle is getting con- 
gressional attention because 
of Lexmark’s attempt to pro- 
tect its toner cartridges by 
citing the Digital Millennium 
Copyright Act (DMCA), a 1998 
law aimed at stopping music 
and movie piracy. 

In an interview, Rep. Rick 
Boucher (D-Va.) said the case 
illustrates the law’s shortcom- 
ings and charged Lexmark 
with using the DMCA to 
“thwart competition” — a 
charge that Lexmark denied. 

One of Lexmark’s key com- 
plaints is that SCC, in repro- 
ducing the printer chips, vio- 
lated the DMCA by circum- 
venting “secret handshake” 
authentication software built 
into the devices by Lexmark. 

But DMCA critics contend 
that such authentication pro- 
tections could be applied to a 
range of software and hard- 
ware products. In January, 
Boucher reintroduced legisla- 
tion that aims to change the 
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Dell’s Storage Chief Pushes for Fast Growth 


BY DON TENNANT 


| manages what he calls an “emerging” 
SCOTTSDALE. ARIZ 


business that already produces revenue 
of $1 billion per year. At a recent confer- 
| : . 
| ence held here by Cambridge, Mass.- 


As the executive in charge of Dell Com- 
puter Corp.’s storage unit, Russ Holt 


V2X Shared Virtual Array™ Subsystem 


The only disk system that lets you use 100% of its capacity, so you can consolidate 
your data and save on your budget. Used with SnapVantage™ software, you can easily 


consolidate Linux servers and centralize system management. 


L5500 Automated Tape Library 
& T9940B Tape Drive 


Our largest, open systems tape library gives you ample space (up to 13.2 PB) to 
consolidate data from all your different systems. And with 200 GB capacity per cartridge 


and30 MB/second transfer rate, the T9940B lets you do more work in less time. 


Find these and other 
r 


tting solutions 


ge STORAGETEK 
Save the Day.” 





based Forrester Research Inc., Holt, vice 
president and general manager of Dell’s 
Enterprise Systems Group, spoke with 
Computerworld about where Dell’s 
storage foray is heading. 


Given that many companies are undergoing 
server consolidation by means of augment- 
ing their storage resources, do you see 
Dell’s storage group taking any business 
away from its server group? There is a 
trend toward consolidation, but we 
don’t see it necessarily as fewer 
servers. There’s no lack of necessity 
still for the computing capability and 
the applications, but from the CIO’s 
perspective, it was becoming 

very difficult for him to manage 

that. What we’ve seen is a trend 
toward rack-dense or rack-opti- 

mized servers; the form factors 

have changed. And what we’ve 
typically found is that cus- 

tomers are adding new projects 

and applications for produc- 

tivity, so it tends to offset the 


| consolidation that’s happening. 


But you do see server consolidation as a 
driver for your storage business? Ab- 
solutely. It’s an easier-to-manage, more 
effective use of disk space. You can 
have one administrator supporting 
6TB as opposed to just being able to 
support ITB before. 


What percentage of Deli’s business is stor- 
age at this point? We’re over $1 billion in 
annual revenue for our external stor- 
age. Dell’s total revenue is over $30 bil- 
lion, so storage is a small portion right 
now. But we look at it in the whole 
context of our enterprise business, 
which now accounts for about 20% of 
our total revenue. 


What will your storage business look like 
in five years? From the standpoint 

of product capabilities, it will just be 
to continue to monitor and adjust 
with the trends. We have a very com- 
plete portfolio of storage products 
right now. 


What is your monitoring of the iSCSI trend 
telling you? The standard for iSCSI was 
just ratified a month ago [QuickLink 
36334]. These emerging technologies 
tend to take off a lot slower than most 
analysts would like them to. I don’t ex- 
pect that iSCSI is going to replace Fi- 
bre Channel. However, there are some 
clear uses where iSCSI will provide 
some benefits. The first environment 
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is in wide-area connectivity for SANs 
[storage-area networks]. Another use 
is providing [block-level data] support 
on network-attached storage [NAS]. 
Currently, NAS boxes are only file- 
based access. 


How about the InfiniBand 1/0 technology? 
It’s one of those products in the very 
early stages of standardization, so it’s 
not something that’s going to happen 
overnight. As the modular blade-type 
servers start to standardize a bit more, 
we think InfiniBand will play a key 
role in the system-level communica- 
tion between servers. We don’t see In- 
finiBand taking over storage intercon- 
nects like Fibre Channel; we don’t see 
it taking over the network like IP. But it 
will be an important transport 
medium between modular 
servers. 


So would your strategy be to let 
IBM and Sun test the InfiniBand 
waters or to jump in first? We're 
working on InfiniBand-related 
products ourselves; we won't 
necessarily wait for IBM or Sun 
to pave the way. But we’re also 
very keen on delivering rele- 
vant technology. InfiniBand is relevant, 
but the timing is what we’re working 
through right now. 


How do you see your relationship for re- 
selling EMC’s Clariion midrange arrays 
evolving over the next few years? We en- 
tered into the relationship in October 
of 2001; the tenets that led us to the re- 
lationship hold and have been validat- 
ed. [Dell’s] view [is] that all technology 
is progressing along a standardization 
curve. The area where there’s still a lot 
of complexity and a lack of standards 
is in the Fibre Channel SAN area. From 
a Dell perspective, that’s not an area 
where we want to invest a lot of our 
own resources, because there aren’t 
standards there. So we chose to part- 
ner with EMC. 


What's going to be new from Dell storage- 
wise over the next year? You’ll see Fibre 
Channel-connected ATA [Advanced 
Technology Attachment] drives com- 
ing from Dell and EMC in the first half 
of this year. That will allow customers 
to continue to put their business appli- 
cations and mission-critical data on 
core Fibre Channel systems but have 
the capability for snapshots or mirror- 
ing [on] less expensive disks. That will 
progress to Serial ATA starting to show 
up in the latter part of the year and ser- 
ial-attached SCSI devices about a year 
after that. D 





V2X Subsystem 


To me, success is a 35 minute lunch. 
At a restaurant, not my desk. 
Means I’m not wasting time doing the 
same data management task again and 


again and again and...well, you'get it. 


i \ 


Isave the day. 


Consolidate your work by consolidating data from all your different systems. One way is with a V2X Shared Virtual Array“ subsystem 
and SnapVantage” software to unite all your Linux virtual servers. Or an L5500 automated tape library and T9940B tape drive. There 
are other ways, too. We'll help find the one that's best. So storage administration takes a smaller bite out of your day. Learn more 


about this story and other ways we can help you at www.savetheday.com we STORAGETEK’ Save the Day 
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OPINION 


PATRICIA KEEFE 


Iraqnophobia 


AR. IS THERE A MORE sobering 
word? A more terrifying prospect? 
Today, the threat hangs heavy in the 
air, clouding conversation, darkening 


our doorways and liable 
to fall upon all our heads 
at any moment. 

As the Bush adminis- 
tration marches resolute- 
ly into the stiff wind of 
global disapproval, we’re 
all steeling ourselves for 
the impact — of what we 
don’t yet know. 

For reservists, it could 
mean a Call to duty. As a 
neighbor once said to me, 

“It may look like we’re 

just fooling around out 

here one weekend a month, but we’re 
not. This is serious stuff.” Indeed. He 
got called up almost a year ago. 

Although most of us won’t be 
slinging an M-l6 over our shoulders, 
the threat of war changes everything. 
Especially for IT. Sure, we’ve already 
spent the past two years operating 
under some very trying circum- 
stances, so you might wonder how 
much tougher it can get. 

That depends mainly on two 
things: how prepared you are to se- 
cure and defend your company’s digi- 
tal assets and infrastructure, and 
whether, and how long, we go to war. 

Duct tape and plastic sheeting 
aside, there are real steps you can 
take. The key for IT leaders, notes 
French Caldwell, a research director 
at Gartner, is that in an era when 
events in the physical world are re- 
flected online, systems connected to 
the Internet are particularly vulnera- 


ble. Take Delta Air Lines’ estimate of | 


500 attempts daily to break into its 
systems or the recent theft of an esti- 
mated 8 million credit card numbers 
from Data Processors International. 
Remember the speed and reach of 
the Slammer worm. 

The issue seems less the much- 
hyped cyberterrorism, and more the 
need to secure critical enterprise in- 
frastructure and data from hactivists, 





new viral strains and 
physical assault. 

And yet Gartner last 
week said that one-third 
of the 250 businesses it 
surveyed face the loss of 
critical data or operating 
capability in the wake of 
a “severe calamity.” An- 
other research firm, Meta 
Group, estimates that only 
20% of the Global 2,000 
have truly effective busi- 
ness continuity plans — 


| 
capable enough to enable 
their organizations to survive a disas- | 


ter without lasting adverse effects. 

Even without war, you’d better 

@ Develop a business continuity 
plan, and appoint a cyberincident re- 
sponse team. 

@ Nail down a serious security 
plan. Don’t just put the manual in a 
corner. 

@ Create an “air gap” between criti- 
cal infrastructure control systems 
and mission-critical applications and 
the Internet. 

® Develop an e-mail policy. Last 
week’s revelation about the sendmail 





vulnerability was a timely wake-up 
call (see Frankly Speaking, page 54). 

If we go to war, you can expect 

@ A call from the CEO asking to re- 
view your disaster and business con- 
tinuity plans. 

@ Fewer in-person due diligence 
checks from U.S. partners at overseas 
outsourcing firms, which will see a 
possible slowing in their sales cycles. 

@ Rising anti-American sentiment 
driving the need to protect overseas 
offices, personnel and systems. Trav- 
el screeching to a near halt. (Video- 
conferencing and the telecoms will 
be the big beneficiaries here.) 

If the war drags on, IT will be 
fighting a battle on two fronts: eco- 
nomic and security: 

@ A lengthy engagement is expect- 
ed to bring spending and the econo- 
my to a virtual standstill while push- 
ing oil prices skyward, negatively af- 
fecting corporate budgets. 

@ As the threat of physical and cy- 
berterrorist attacks spirals, some 
companies may want to look into bio- 
metric physical security devices. 

You never know when a war-relat- 
ed incident could give new meaning 
to the term agile corporation. As for- 
mer cybersecurity czar Richard 
Clarke often reminded us, the nation 
is counting on the private sector to 
combat threats to our critical infra- 
structure. Don’t be caught unaware. D 





Shows uplate, 
blames it on “Nobody picks up 
hitchhikers anymore.” 


When asked about any 
— potential acquisitions, 
replies, “I wish.” 


ye if you're going to 
finish your coffee. 


O04 COMPUT RWoRLD 


Makes corrections to his 
company’s letterhead 
during meeting. 


won. jklossner. com 





www.computerworld.com 


PIMM FOX 


Worse Than 
Death and 
‘Taxes? 


HREE THINGS IN LIFE 
are certain: Death, tax- 
es and lost data. 

If you’re an IT executive, 


this third bane of your exis- 
tence probably isn’t going to get much 
worse. But if you’re in finance, new 
regulations governing the retention 
and management of internal and ex- 
ternal communications might make it 
seem worse than death or taxes. 

The Securities and Exchange Com- 
mission’s new Rule 17a-4 goes into ef- 
fect in May. (There are also revised 
rules from the New York Stock Ex- 
change.) It specifies communications 
compliance that covers e-mail, attach- 
ments, memos and instant messaging 
as well as routine 
phone conversations. 

The quandary for 
IT departments is 
how to compile the 
arsenal of software 
and hardware tools 
necessary to capture, 
store and easily re- 
trieve the oceans of 
data sloshing around 
a financial services 
firm. For example, 

Merrill Lynch had : 

more than 57,000 viebimnial in 36 
countries at the beginning of 2002. 
That’s a lot of people communicating 
in a variety of ways to many other in- 
dividuals. 

This communications tracking and 
management costs big bucks, accord- 
ing to Charles Brett, a senior program 
director at Meta Group. He estimates 
that a firm with 5,000 brokers gener- 
ates about 20GB to 50GB of e-mail per 
day to be stored on nonerasable opti- 
cal tapes. “Each WORM [write-once, 
read-many] tape holds about 9GB,” 
Brett says. “So you might be looking at 
$150 to $500 a day, every day, and 
that’s just the cost of the disks.” 

Obviously, there’s storage, duplica- 
tion and management as well. And 
you'll need search tools to check for 
keywords (“Get rich quick” comes to 
mind). Other costs must be consid- 
ered as well. Brett estimates that com- 
panies can spend upward of $1 million 
just to get started. 





Are You Prepared for 
LT We O(log 


ee rem Uta 
— Case Studies 
7 SS Se 





Witness the World’s eT 
Interoperability 
and Solutions Demo 


lita Meet Industry Leaders 
meet. Crraee FEL 
or 3S.) Education 

Recognize 


Best Practices 
Pre-Conference 
CPO erie) 


Storage Networking World" Spring 2003 Sponsors as of 2/19/03: 


SW 
EMC = 


FUJITSU = HITACHI 


intel 


fa LEGATO 








A ee Continuity *.Data Management and Security * Emergi 


April 14-17, 2003 
nT Marriott Desert Ridge Cone aI em ar ae r 





e 


olor 





See and hear: 
a Regis McKenna 
Renowned 


Technology Advisor 
Venture Capitalist 
and Author 


fy Ulrich Seif 
) SVP & ClO 
& National Semiconductor 


SUE aU Rue el umn erie meaty 
for IT users involved in storage and related technologies 


See 50+ companies work together-with storage technologies 
including SMI-S, CIM, SAN Infrastructure and IP Storage 


Network with luminaries, press and analysts 


Includes SNIA-Certification “Test-Ready” Courses (see Web 
site for details), SNIA-produced tutorials, general sessions, 
the Interoperability and Solutions Demo 


Steve Romaine 
~/ Chief Architect 
~ The Hartford 


David 


SNW Best Practices in Storage Awards Program 


Complimentary golf outing 
mcm Oley 





eee) rs te es 
— 


AMIQ” AVAMAR #BakBone a 


CommVault 
Systems 


‘— 
foWorld 
BiolT World 
DSstar 


Aili a G7] 


CANDERA 


weCreekPath D@LL 


Sent a 
DECRU wranoe aly (POST 
wnanas eg INFOSTOR 


NORTEL 


NETWORKS 


Power eyi/ 


STORABILITY 


syncsort 


Sanera 


os Sun 


TidalWire 


For more information visit WWww.snwuSa.com/expo or call 1-800-883-9090 (508-820-8159) 
To sponsor and participate, call Ann Harris at 1-508-820-8667 


eras 
PACA D3 


wa ~Find the World’s Best 


Cee. 


lel Storage Solutions and Education! 


investments and 
Teese ey 


to efficiently and IRA : Register today to attend the world's 


Petts musa oe 





April 14-17, 2003 


premier event on: 


_ a N ETWO R KI N G Storage Management 
=f . >» => es wp | ¢ Enterprise Infrastructure 
Business Continuity 


Emerging Technologies 


where IT Managers and professionals get an SNIA-endorsed 
education, a hand’s on view of the world’s only SNIA-sanctioned 


Fran Dramis e 
masa n Usa . f 
OOS aggre JW Marriott Desert Ridge Resort Data Management and Security 

eae Phoenix, Arizona 

pe COMPUTERWORLD <2 SNIA 
Are you wrestling with storage and data management in today’s 
ae DR Ee) challenging business climate? Is your infrastructure under increased 
Pantie pressure? Are business continuity worries keeping you up at night? 


Tater utes (ett) Then attend Storage Networking World (SNW), the only conference 


Regis McKenna 
Renowned Technology Advisor, 
» Venture Capitalist and Author 


pee nr New Technologies and Industry Standards: 
COMPUTER OPERATIONS Separating Hype from Reality 
SN aia lie 


Ulrich Seif 


| EvP&Cio 
National Semiconductor 


See the World’s Foremost Storage 
Interoperability & Solutions Demo! 


“Uniting the World of Storage” 


~~ Do you have the cost-effective infrastructure to support 
your disaster recovery strategy? Still struggling with 
interoperability when everyone else has moved on? 
Wonder if SNIA technology specifications really make a 
difference? Need to manage more storage with the 
same fixed resources? Ready for iSCSI? If you 
answered yes to any of these questions, then you need 
to see the SNW Interoperability and Solutions Demo! 





eo See and Hear Regis McKenna 


Find Out How ClOs Are Coping 


Interoperability and Solutions 0, and access to legions of peers, 
experts and solutions you won't find anywhere else. 


Hear Real-World User 
implementation 
Case Studies 


At Storage Networking World, you'll 

see IT managers and professionals 

describe how they implemented key 

storage technologies in today's 

world. You'll learn from their valuable lessons and have an 
opportunity to network with them. 


Get an SNIA-Endorsed Education 


¢ A Primer delivering basic storage «= 
concepts, terminology and busi- 
ness applications. 


¢ Exclusive SNIA-produced and 
Delivered Tutorial Sessions, offer- 
ing immediately implementable 
tips, tools and techniques that cover: 
© Voice of the User and Virtualization 
¢ Disaster Recovery, Backup/Restore and High 
Availability Solutions 
* Securing and Managing Your Storage Networks 
* Focus on Networking Your Storage 
* Focus on Storage 


See the World’s Largest Storage 
industry Expo 


ae " 2 5 In “The Demo”, you'll see over 50 SNIA member You'll participate in live demonstra- 
help companies demonstrate the spectrum of solutions. You'll meet the experts, get p P : = 
solve Cs your answers, and see the true value of SNIA technology specifications that tions and meet exhibiting compa- 
Pee curls} Ps reduce risks, increase interoperability, and provide common foundations to nies specializing in the latest data 
Pol enable vendor choice. And you'll see the latest products with increased storage management and storage network- 
* er Square foot, new tools to automate management and to span more vendors, ing products and services. 
Pe 
cs 
ee For more information and to register, 


eetariaae visit WWW.snwusa.com/expo or call 1-800-883-9090 


(1-508-820-8159) 





ROD 
LUCERO 
Chief Architect 
Conseco Finance 


BILL 
MORRIS 
Vice President of IT 
Draft Worldwide 


REGIS 
MCKENNA VAN OPPEN 
Renowned Technology Chairman & CEO 
Advisor ADIC 
Venture Capitalist and 
Author 


WESTON 
Risk Manager 
Fidelity Investments 


Computer Associates 


STEVE 
ROMAINE 
Chief Architect 
The Hartford 


PIERRE 
BAUDET 
Business 
Systems Manager 
New Balance 
Athletic Shoe, Inc. 


CHERYL 
GLORE 


Planner 


‘Squadron 


YOGESH 
GUPTA DUPLESSIE 
cto Founder and 
Senior Analyst 
Enterprise Storage 
Group 


Storage Solut 
Software 


Company 


Chief implementation Vice 
Patrick Air Force 
Base, 45th Space 


Communications 


SVP & GM, Network 


MO 
ASGARI BLACK 
sident of | Storage Architect 
Technology Telus 
Photo Channel mmunications 
Networks 


Senior Storage 
and Systems 
Architect 
United Loyalty 
Services 
(United Airlines) 


Intelligent Storage 
Technologist 
University of 


Minnesota Digital 
Technology Center 


Group Vice President 
ions tegy IDC Storage Research 
IBM Corporation 


EvP & CTO 
VERITAS Software 


Hewlett-Packard 


* 
Agenda Snap hot For details, updates, and to register visit www.snwusa.com/expo 


| Tuesday, April 15 
(General Conference - Day One) 


Monday, April 14 


(Pre-Conference Activity and Tutorial Sessions) 


9:30am-11:00am 
12:00pm-5:00pm 
1:00pm-2:00pm 


Primer 


rial Ses: 
choose from five dif! 
Break 
SNIA Tutorial Sessions 


2:00pm-2:10pm 
2:10pm-3:10pm 


from five different sessions 


3:10pm-3:20pm 
3:20pin-4:20pm 


4:20pm-4:30pm 
4:30pm-5:30pm 


7:00pm-9:00pm 


Register Today! 


Options for IT End-Users* 
e Pac Apr. 15, 16 


| aE TICES IN} 
STORAGE | 


} 
Submit your nomination today at 


or email Nanette Jurgelewicz at 
nanette_jurgelewicz@ computerworld.com 


7:15am-8:15am 
8:30am-9:15am 
9:15am-12:00pm 
12:15pm-1:30pm 
1:45pm-4:00pm 
4:00pm-5:30pm 


Continental Breakfast 
Opening Keynote: Regis 
General Si S 
Networking Luncheon 
General Sessions 


siness Tracks 
Expo, Buffet Dinner, Inte 
and Soiutions Demo 


5:30pm-8:30pm 


Wednesday, April 16 


(General Conference - Day Two) 
7:15am-8:15am 

8:30am-9:05am 
9:15am-12:00pm 


Continental Breakfas 
Opening Keynote: David 
General Sessions 


eption 


Pre-Registration 
$1,095 


Travel and 
Accommodations 


IDG Travel is the official & 
travel company for sID . 


Storage Networking 
id. They are your one-stop shop for 
jusive discounted rates on hotel 
ommodations. 


To reserve your accommodations: 
visit www.etcentral.com OR 
call 1-800-340-2262 (or 1-508-820-8159) 


Technical, Technical/Business and 


12:00pm-1:30pm 
12:00pm-7:15pm 


Expo, Buffet Luncheon 
Interoperability and 

Solutions Demo Open 

General Sessions 

Break 

Technical, Technicai/Business and 
Business Tracks 

Expo Open 


30pm- Gala Evening 
| 
| 
| 
| 


1:45pm-3:50pm 
jpm-4:00pm 
00pm-5:00pm 


McKenna 


sroperability 


Thursday, April 17 


(Tutorial and Workshop Sessions) 


7:30am-8:30am 
am-11:45am 


nental Breakfast 
Technical, Technical/Business and 
Busin cks 


Chamberlain Conference Concludes 


On-Site Registration 


Pre-Conference 
Golf Outing 


Complimentary for Registered IT Users 


The Pr e Golf Outing at The Palmer 

Course at Wildfire, located at the JW Marriott Desert 

Ridge Resort, is $165 value) for reg 

is ants, including 

a available” basis and are 


responsible for all icable golf outing expenses). 


For details: contact Chris Leger at 1-508-820-8277 





IT Managers 


PTB a CAA TLEL Sy 
Asay Lb 


RO BT ue Cie 
Semi A 
Tu ee 
SARL 
PMc ls] 
Pur mur Ru m8) 
Pee al 





mat 
gist 
rea 
Bradt 





Weed 
cio 
BURLINGTON COAT 
7 eed 


ae oe 7) 
resource for 
Se le mettle) 


S| 


y 


Yea) 
bi asst 
SHARED SERVICES AND 
ee aT ee) hy 


sTor | 
| NETWORKING | 


| WORLD| 


TO REGISTER: 


Options for IT End-Users* 


April 14-17, 2003 
JW Marriott Desert Ridge Resort 
Phoenix, Arizona 
WwW.snwusa.com 


des General 


Options for IT Vendors** 
Total 4-day Package 


<2 SNIA 
~—— 


ich, ace 


and other “non-IT end-user 


rofessionals as defined by Co 


¢ Fax this form to 508-626-8524 
¢ Or register online at www.snwusa.com/expo 
You will receive a confirmation via email 


Pre- — 


> (Apr. 14, 15, 16, 17) 


e Package: Technica 


(Apr. 14, 15, 16, 17) 


ount representatives/business development from any com 
from the “IT End-User” designation. Enforcement of this interpretation and policy is a 


Ih sponsor 


uiterwor'd), may apply for regi 


hip. (Details are 


Application for Conference Registration 


QUESTIONS? 
© Call: our Customer Service Line at 800-883-9090 


© Email: snwreg@computerworld.com 


CODE: EXPO 
On-Site Registration 


ith after April 11th 


Q $1,690 
Expo, Meal 


Q) $1,690 


Q $5,000 


our conference 
capitalists, and anyone else attending who does not have IT purchasing influence within 
ie sole discretion of Computerworld. Questions? Please call 1-800-883-9090. 


alling Ann Harris at 1-508-820-8667.) Alternatively. vendors (as well as venture capitalists, 
the “non-sponsoring vendor” rate. Determination of what constitutes a “non-sponsoring vendor” 


avi 
ystration 


s at the sole discretion of Computerworld. You will also be required to adhere to our non-solicitation policy posted on-site 


Registration Information: (This section must be completed in order to process your application) 


First Name 
Title: 
Street Address: 
City 
Country 

ax Number 


Badge Name: 


Would you like to receive information about playing in the golf outing on Monday, April 14th (PM)? Q) Yes 
O1 


Qs Om 


Please indicate your preferred conference shirt size: 


Phone 


Middle Initial: 


Company: 


Number: 


E-Mail Add 


Qxt Oxxt O xxx 


Attendee Profile: (This section must be completed in order to process your application) 


SECTION A - FOR IT END-USERS ONLY 


Your Business/ industry: 


COLLO LLOLLLLL 


Estimated annual revenue 
Your Job Title/Function: of your entire company: 


EO/COO/Cha I 


Annual company IT budget 
(AIL IT products and services): 


Ooo OCOLOL 


Select item below that 

most closely matches your 
involvement in IT decisions: 
O Specify features/Te 


OCOULOOLOLOO 


SECTION B - FOR IT VENDORS ONLY 


Your Peeeenen seeeeey 
CEO/CC 
CFOK 


4 
a 
OM 
= 
4 
yu 


Annual company IT budget 
(Storage pepeacts and services): 


Your personal IT spending 
authority (All IT products 
and services): 

$100 Mi 


$50 M 


) Mi 
$4.9 Millior 


$1 Million 


ess than $500,00( 


Your personal IT spending 
authority (Storage products 
and sexvices): 

$100 Mil! 


Last Name 


Suite, Apt., etc 


State/Prov: Zip/Postal Code: 
Extension: 


iress: 


O) Special Services Required? (Pk 


QO No 


Payment Method 


QO) Check Enclosed (checks must be received by 4/4/03) 
Make payable to: Cor rworld; Mail to: Computerworld, Attn: Pam 
M ki, 500 Old ¢ ticut Path, Framingham, MA 01701) 


OQ) MasterCard 


ne 
) American Express Q) VISA 


Account Number 


Expiration Date 


Card Holder Name: 


Signature of Card Holder 


Cancellation Policy 
Hi 


Computerworld reserves the right to limit and/or refuse 
any registration for any reason. 


Monday, April 14, 2003 


* Pre-Co olf Outing 
© Pre-Cc asenaca ta tworking Receptior 


eee os 15, 2003 





Expositior 





Wednesday, Sl 16, 2003 
* Gener a c 


Exposition 


y and Solutic Gala Evening 


ons Demo 


Gannon April 17, 2003 


* Tutorial Sessions 








www.computerworld.com 


OPINION 


COMPUTERWORLD March 10, 2003 21 





Unfortunately, few IT departments 
are being given meaningful guidance 
by compliance and legal departments 
about where and how to invest the 
money. So, many are relying on ven- 
dors to know what technology is or 
isn’t required. 

“There are some pretty immature 
solutions out there,” says Brett. 

It’s possible to capture everything 
inbound and outbound, but capturing 
the internal stutf gets complicated. 

As a result, some companies are look- 
ing at this as a chance to re-evaluate 
e-mail at the enterprise level and initi- | 
ate operational management of e-mail 
— for example, making users catego- 
rize e-mail before it’s distributed and 
archived. 

Brett says the most important ques- 
tions for potential vendors are about 
scalability and ownership. 

Can they demonstrate real scalable 
solutions, and what is their specific 
expertise? Without these answers, 
your communications aren’t being giv- 
en the attention the law demands. D 


THORNTON MAY 


Save the 
Suits From 
Themselves | 


UDY GIULIANI argued 

that the best way to 

fight crime is to fight 
the disorder that precedes it 


— those quality-of-life crimes 
such as spraying graffiti, panhandling, 
breaking windows, littering and letting 
buildings crumble and decay. I think 
you can make a similar argument that 
the best way to improve ROI for IT is 
to fight the mental disorder that bur- 
dens IT’s reputation — those quality- 
of-mind crimes such as underinvest- 
ing, overinvesting and bad personal in- 
formation-management behavior. 

What leads me to this line of think- 
ing is some work I’ve been doing with 
Hal R. Varian, dean of the School of 
Information Management and Systems 
at the University of California, Berke- 
ley. While conducting focused re- 
search in the financial services mar- 
ket, we found the highest mental 
crime areas to be the following: 

@ Information opportunity: Deter- 
mining where IT money should be 
spent. 

® Application IQ: Spending the 
money on the right technologies. 





@ Information economics: 
Getting the best deal on the 
money we spend. 

In recent years, the ability 
to purchase technology has 
run ahead of the typical or- 
ganization’s ability to ex- 
tract maximum value from 
what it’s been buying. The 
“whisper number” (the one 
no one likes to publicly ac- 
knowledge) for annual IT 
waste is around $75 billion. 
These are dollars spent 
yearly on failed IT projects. 
IT managers are certainly 
not blameless in this annual value 
sinkhole, but we frequently forget that 
for every dollar wasted, there were 
users — let’s call them “Suits” — who 
were very close to the center, where 
choices were made and value was de- 
termined. 

The unspoken dirty secret in IT 
waste: “It’s not the technology. It’s the 


Suits who are funding the technology.” 


For the longest time, IT managers had 
a credibility problem with the busi- 


ness. But in reality, the in- 
verse is true; the business 
has a credibility problem 
with IT. 

John Adams, one of the 
political geniuses behind 
the Declaration of Inde- 
pendence, often wrote his 
much-loved wife, even dur- 
ing the darkest days of the 
American Revolution. In 
one note, he said, “We can- 
not guarantee success, but 
we can deserve it.” The tru- 
ly sad reality of the preg- 
nant-with-opportunity age 

we live in is that most Suits don’t de- 
serve success from their investments 
in IT. They haven't laid the ground- 
work or done the homework necessary 
to develop good IT judgment. 

The question facing IT leaders to- 
day is, What is the minimal obligation 
of IT to educate the Suits in the non- 
toxic or, at a minimum, nonwasteful 
use of information technologies? 

Most IT shops have determined that 
they need do nothing more than train 





executives in the use of low-level 
desktop applications. This is the tech- 
nology equivalent of a sixth-grade ed- 
ucation. Technology literacy will be- 
come foundational to the economy of 
the future. Suits must know more 


| about IT. IT leaders need to know 


more about what the Suits know and, 


| more important, what they don’t know 
| about IT. 


Regarding the technology literacy of 


| executives, IT leaders need to deter- 


mine the following: 

@ Things Suits currently “know” 
that they need to unlearn. 

@ Things Suits should know that 
they never learned. 

@ Things that accelerate the Suit 


| technology-learning processes. 


In advanced companies today, IT 
leaders are evaluating their peers on 
their technical competence. Your com- 
pany should be doing it too. D 
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Measuring Risk 


HE REPORT “Ridge Releases 

Cyberdefense, Physical Strate- 
gies” [QuickLink 36404] reflects 
the seriousness of the need for cy- 
bersecurity improvement - and the 
potential for regulatory intervention 
if the market fails to respond ade- 
quately. While government efforts 
to establish a cyberattack alert sys- 
tem are laudable, it is essential that 
both the private and public sectors 
get the kind of qualitative guidance, 
and associated risk metrics, that 
will enable them to identify, mea- 
sure and manage the risks to their 
information technology and com- 
munications environments, and to 
get credible RO! data on informa- 
tion security investments. That 
means the establishment of the 
Generally Accepted System Securi- 
ty Principles. The principles are a 
standard population of threats and 





' 


ata a 


quantitative risk assessment tools 
that enable organizations to identi- 
fy, measure and manage risk con- 
fidently, applying the long-accepted 
measure of business - ROI - to the 
broad array of safeguard and con- 
trol investments for information 
security. 

Will Ozier 


| President, OPA Inc., Fairfield, 


Calif. 


| Broad Expertise 


AVID FOOTE’S column “IT 

Job Trends Yield Surprises” 
[QuickLink 36015] was informative, 
but the way he compares special- 
ists to generalists seems a bit 
shortsighted. In my experience, be- 
ing an expert in one field has many 
important benefits, regardless of 
the job market. One is that people 
often consider experts to be expert 
in other, complementary fields. An- 


Teleworking Loses Some Face Value 


NFORTUNATELY, since most 

companies still don’t have a 
formal teleworking plan in place, 
most managers still view telecom- 
muting as a perk that is an excep- 
tion rather than the rule [QuickLink 
36517]. After six years of success- 


ful telecommuting in the after- 
noons, | lost my last job because 
the conditions for retraining in the 
new system required daylong face 
time. 

Ellen Cornell 

Marblehead, Mass. 





| other arises during the pursuit of 


expertise: You naturally acquire an- 
cillary skills, which often make you 
a generalist as a side effect. 

My own career is a good exam- 
ple. | have been a Borland Delphi 
specialist since Delphi's inception. | 
marketed myself only as such. As a 
Delphi “specialist,” | performed Or- 
acle, Interbase and Microsoft SQL 
Server database design, Web de- 
sign (including JavaScript and 
Perl), telecommunications, project 
management and more. 

Michael Nigohosian 

President, McGillis, Wilcox, 
Webster & Co., Chicago 

(and author of The Secret 
Path to Contract Program- 
ming Riches), 
m.nigohosian@mwweorp.com 


Following HIPAA 


HAVE BEEN LECTURING on 

HIPAA security and conducting 
compliance engagements since 
1998. In the article “HIPAA Data 
Rules Leave Choices to IT” [Quick- 
Link 36526], Karen Trudel of the 
Centers for Medicare & Medicaid 
Services is quoted as saying that 
encryption of health data transmit- 
ted over the Internet is no longer 
mandated and can be based on risk 





| assessments by companies. Actu- 
| ally, the business impact of doctors’ 
encrypting health data is ultralow, 


but doing so is probably the single 
best security control to protect data 
that can be used in a small practice. 
TruSecure’s Marne Gordon is also 


| off base in saying that litigation- 


wary companies might stick with 


| paper instead of rolling out auto- 
| mated medical records. The HIPAA 


privacy rule covers health records in 
all formats, paper or electronic. 
There is no advantage to not using 
electronic records, because you are 
still required to protect the data. 
Fred Langston 

Senior principal consultant, 
Guardent Inc., Seattle, 
Fred.Langston@Guardent.com 
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comments from its readers. Letters 
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Eckle, letters editor, Computerworld, 
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Fax: (508) 879-4843. 
E-mail: letters@computerworld.com. 
Include an address and phone num- 
ber for immediate verification. 

More letters on these and other 


topics are on our Web site: 
computerworld.com/letters 





Magic Pixie Dust 
was all the rage. And 


why not? The directions 


said that with one pinch, 


Magic Pixie Dust. 
The miracle everyone 
has waited for. 


servers would be imbued with 
“always on” capabilities. With another pinch, 
servers would be instantly gilded with more speed 
and performance. The servers would self-configure. They 
would never crash. Every server could connect with every other 
server in existence. Just one problem. The Pixie Dust didn’t work. 
AND THAT’S WHEN THEY CALLED IBM. 

The IBM @server pSeries” 650 running UNIX? It can run multiple partitions that 
can be dynamically reconfigured. On demand. It’s twice as 

powerful as the Sun Fire V880 in ERP: And unlike Pixie Dust, 


it works. ‘To learn more about the flexible p650 or to locate your The p650. 


The UNIX server 


‘ és everyone has waited for. 
IBM Business Partner, head over to ibm.com/eserver/p650 ” 


IBM eServer pSeries 650 (8 processors, POWER4+, 145 GHz, 1.5 MB L2 cache per 2 processors, 64 GB memory) was certified by SAP on 1/16/03 with the following SAP Standard 4.6C SD application benchmark results: 1,220 SD benchmark 

users, 1.95 sec. average dialog response time, 122,670 fully business processed line items/hour, 368,000 dialog steps/hour, 6,130 SAPS, CPU utilization of 98% with DB2 v8.1 and AIX 5L version 5.2. Sun Microsystems Sun Fire V880 (8 processors, 

UltraSPARC Il, 900 MHz, 8 MB L2 cache, 32 GB memory) was certified by SAP on 6/17/02 with the following SAP Standard 4.6C SD application benchmark results: 600 SD benchmark users, 1.96 sec. average dialog response time, 60,330 

fully business processed line items/hour, 181,000 dialog steps/hour, 3,020 SAPS, CPU utilization of 99% with DB2 v7 and Solaris 8. Results posted at http:/Avww.sap.com/benchmark. *U.S. list price as of 2/28/03 for p650 Express Configuration 

with AIX 5L, 2-way 1.2 GHz POWER4+-. Prices are subject to change without notice. Reseller prices may vary. IBM, the e-business logo, AIX 5L, DB2, eServer, POWER4+, pSeries and e-business on demand are trademarks or registered trademarks 

of International Business Machines Corporation in the United States and/or other countries. UNIX is a registered trademark of The Open Group. Other company, product and service names may be trademarks or service marks of others. 
2003 IBM Corporation. All rights reserved 





MAGIC PiXiE DUST 


Powerful magic prevents and 


repairs server crashes. 


Optimization? Sprinkle on 
server three times a day. 


Currently unrated in performance. 


Could be the greatest idea 
in the history of IT. 


Not available through IBM. 


Doesn’t actually exist. 


Powerful self-healing technology 


helps prevent server crashes. 


Partitioning? Built in. 


Twice as powerful as the 
Sun Fire V880 in ERP’ 


Could be the greatest idea 
in the history of UNIX. 


Available through IBM and 
IBM Business Partners. 


2-way starts at $31,495" 


© business on demand 





ROBUST OBJECT DATABASE 
Tice Midsiln eile 
PPR el Na 


Our post-relational database. 
It combines the best technologies 
in the database world. 


For your next generation of applications, 
move to the next generation of database technology: 
Caché, the post-relational database. 

What makes Caché “post-relational”? It provides 
developers three integrated data access options which 
can be used simultaneously on the same data: an 
advanced object database, high-performance SQL, 
and rich multidimensional access. 

Because Caché’s architecture is a multi- 
dimensional structure, applications built on it are 
massively scalable and lightning-fast. 

Plus, no mapping is required between object, 
relational, and multidimensional views of data. 
This means huge savings in both development and 
processing time. And, Caché-based applications 
don’t require frequent database administration or 
hardware and middleware upgrades. 


More than just a database system, Caché 
incorporates a powerful Web application develop- 
ment environment that dramatically reduces the 
time to build and modify applications. 

The reliability of Caché is proven every day in 
“life-or-death” applications at hundreds of the 
largest hospitals. Caché is so reliable, it’s the world’s 
leading database in healthcare — and it powers 
enterprise applications in financial services, 
government and many other sectors. 

We are InterSystems, a specialist in database 
technology for 25 years. We provide 24x7 support 
to four million users in 
88 countries. Caché is 
available for Windows, 
OpenVMS, Linux and 
major UNIX platforms. 


InterSystems » 


Ec CACHE 


Make Applications Faster 


Download a fully-functional version of Caché or request it on CD for free at www.|nterSystems.com/post-relational 


© 2002 InterSystems Corporation. All rights reserved. InterSystems Caché is a registered trademark of InterSystems Corporation. 
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OR MORE THAN THREE DECADES, 
microprocessors have doubled 
in power every 18 to 24 months. 
That progress will continue for 
another 10 years or so, chip mak- 
ers say; then some new technol- 
ogy may have to be found to re- 
place the silicon semiconductor. 
Unfortunately, the companies that 
make microprocessors and use them to 
build computer systems can’t just catch 
a free ride on the back of Moore’s Law. 
As silicon transistors grow smaller — 
there will be a billion on a single chip 
in five years — chips become exponen- 
tially more expensive to design, man- 
ufacture and test. And the laws of 
physics intrude: In the mysterious 
realm called “deep submicron,” for ex- 
ample, power dissipation gets nearly 
impossible to control, and cosmic rays 
cause random processing errors. 


“The power-dissipation problem 
will prevent the further scaling after 10 
. years. Improvements will come about 
\ from system-level integration rather 
\ than transistor-level enhancements,” 


; says Bijan Davari, technology vice pres- 
ident at IBM’s microelectronics division. 
, About 60% of the total performance 
\ gains in microprocessors have come 
from higher clock frequencies result- 
X ing from smaller and faster transistors. 
8 The balance have come from process- 
Continued on page 26 
. i! : 
Chip makers will have 
. apge 
achieved 10 GHz and 1 billion 
s . 
transistors in five years, 
s s 
but progress is getting 
harder. By Gary H. Anthes 


MICHAEL BARTALOS 
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MICROPROCESSORS 
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Continued from page 25 
ing architectures that allow the execu- 
tion of more than one instruction per 
clock tick. A microprocessor can do 
that by predicting the flow of a pro- 
gram through several branches of pro- 
gram logic or by executing instructions 
“speculatively” — before they are need- 
ed. But pushing those tricks further is 
becoming difficult and expensive. 

“We've gone from being able to exe- 
cute two instructions at a time to eight 
or more,” says James Hoe, a professor 
of electrical and computer engineering 
at Carnegie Mellon University in Pitts- 
burgh. “But we are at the limit. The ar- 
chitecture is not scalable.” Hoe says 
microprocessor developers will in- 
creasingly rely on the following ambi- 
tious schemes to find “parallelism” in 
programs and job streams: 

= Multithreading: Breaking a single pro- 
gram into multiple instruction streams, 
or threads, to be processed simultane- 
ously. Each thread could handle a data 
packet or transaction, for example. 

= Simultaneous multithreading: A tech- 
nique that makes a single physical proc- 
essor appear to software as two proc- 
essors, So two programs can execute 


simultaneously, boosting total through- | 


put. Intel Corp.calls it “hyperthreading.” 
= Chip multiprocessing: The placement 
of two or more physical processor 
“cores” on one chip. The cores can run 
independently but share some resources. 
IBM is shipping a dual-core Power4 
processor, and Sun Microsystems Inc. 
is expected to unveil one later this year 
in its UltraSPARC IV. Intel will intro- 
duce a dual-core Itanium chip in 2005. 
= Runtime optimization: Using a combi- 
nation of special processor circuits and 
a dynamic runtime compiler to contin- 
uously analyze program behavior and 
reorder instructions for better perfor- 
mance. While this doesn’t make the 
processor run faster, it does improve 
what the user cares about: throughput. 
“It’s becoming exponentially expen- 
sive to find more parallelism in a sin- 
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gle instruction stream,” says Justin 
Rattner, an Intel senior fellow and di- 
rector of microprocessor research. “So 
there will be increasing emphasis on 
thread-level parallelism, the number of 
threads per processor and the number 
of processors per chip.” 

Rattner says Intel is also doing re- 
search on processors and compilers 
that together optimize program perfor- 
mance in real time. “We are looking at 
program-visible instrumentation so 
the compiler has access to [runtime 
conditions],” he says. “This is on the 
fly; this is the compiler in the loop.” 

The technique has improved perfor- 
mance by a factor of two to four, Rat- 
tner says. Improvements in basic semi- 
conductor technology will triple mi- 


| croprocessor clock speeds in five 


years, he predicts. But those clock im- 
provements plus improved exploita- 
tion of parallelism by various means 
will boost total throughput by a factor 


of six to seven, Rattner says. 


Multithreading and chip multiproc- 
essing will be especially important in 
servers, because they routinely handle 
workloads — transaction-processing, 
Web and database applications — that 
are inherently threaded. 

Desktop PCs are more likely to run 
single-user, single-threaded applica- 
tions. As a result, the relentless race 
for higher processing speeds on the 
desktop may soon be meaningless, says 


Kevin Krewell, a senior analyst and ed- | 


itor of MicroDesign Resources’ “Mi- 
croprocessor Report” newsletter. 

“In servers, more power and scalabil- 
ity are always welcome,” he says. “But 
on the desktop, what do you do with 
3 GHz, 4 GHz, 5 GHz? There could be a 
plateau, when we get the ‘good enough’ 


OIZE MATTERS 





High-end servers today con- 
tain 64-bit processors, while 
desktops and notebooks run 
32-bit CPUs, as do many low-end servers. Most servers need, or would 
at least benefit from, the 4GB-plus memories that a 64-bit address 
space permits. Vendors disagree on the timing, but it's reasonable to 
think that desktop PC users will someday also want 4GB of memory. 

It will be more than five years before desktop PCs are routinely pow- 
ered by 64-bit processors, says Justin Rattner, director of micro- 
processor research at Intel. In the meantime, Intel's 64-bit Itanium 
line for servers and the 32-bit x86-based processors for desktops 
and notebooks will move ahead independently. 

In contrast, Advanced Micro Devices Inc. says it will moveitsen- 
tire line of microprocessors to 64 bits in 2004. Its new Opteron chip 
for servers, to be introduced next month, will be able to run both 32- 
and 64-bit software. Servers with 32-bit processors will be obsolete : 


Dies like this one for an Intel Pentium 4 are 
used to fabricate microprocessors. 


processor.” Krewell says designs for 
desktop processors, and especially note- 
books, will increasingly go after other 
things, such as low power consumption, 
low mass and quiet operation. 


In the Silicon Trenches 


| While the microprocessor vendors 


work to boost throughput, at another 
level they toil to find ways to dodge 
the laws of physics. Current silicon 
processors have circuit features that 
are 130 nanometers (nm) wide. Future 
zenerations, coming at two-year inter- 
vals, will shrink that to 15 nm or so — 
about as low as you can go in silicon. 
Getting there won’t be easy. 

“As we go from 130 nm to 90 nm to 
65 nm and then to 42 nm, the standby 
power dissipation is the single most 
important problem at the silicon and 
circuit design level,” says IBM’s Davari. 
The leakage of power, which is waste- 
ful and generates heat, increases “dra- 
matically, exponentially,” he says. 
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IBM and other companies are turning 
to “strained silicon,” a technique that 
boosts performance and lowers power 
consumption by stretching silicon mol- 
ecules farther apart, allowing electrons 
to flow though the transistors up to 70% 
faster. Chip makers are also experi- 
menting with new materials and meth- 
ods for making “gates” — which con- 
trol the electrical flow through a tran- 
sistor — smaller, faster and more effi- 
cient. “These things all started as per- 
formance solutions, but now they are 
solving power problems,” Davari says. 

Davari says IBM may eventually ex- 
tend its existing dual-core architecture 
to hundreds of processors on a chip. It 
will also integrate dynamic RAM with 
logic on a single chip, greatly reducing 
CPU-memory communication delays, 
increasing throughput and lowering 
power consumption. And it will move 
application-specific functions, such as 
encryption, video compression or speech 
processing, from software or off-chip 
hardware to the processor chip, he says. 

Dual-core processor chips will bring 
performance gains, but there may be 
cost drawbacks, Krewell says. The 
question is whether software vendors 
will view a dual-core processor as one 
or two processors for licensing purpos- 
es. “Intel convinced Microsoft that hy- 
perthreading is one processor, although 
it looks to the software like two proces- 
sors,” he says. “But as you put two cores 
on there, then four cores, will vendors 
still consider it one processor?” D 


PROCESSOR PROGNOSTICATIONS 


Read a forecast of how the competition among micro- 
processor vendors will play out over the next few years: 


QuickLink 36226 
www.computerworld.com 





: perhaps be explained by their very different processor architectures. 
AMD has built instruction-set compatibility between its 32-bit proc- 
essors and its 64-bit processors. Code can be easily ported from one 
to the other and will perform well on either, AMD says. IBM and Sun 
have built a similar compatibility into their 32- and 64-bit processors. 
Intel chose to go a different route: The 64-bit !tanium line is an entire- 
ly new architecture with a different instruction set from the old x86 
architecture, which the company now calls |A32. The Itanium per- 
forms poorly in 32-bit-emulation mode, analysts say, and code can’t 
be ported from 1A32 to Itanium without recompiling and testing. 

“If you are moving from x86 to Itanium, it’s a big job,” says Kevin 


Kiewell, editor of “Microprocessor Report.” “That's why Intel has 


been helping - with a lot of development money ~ software vendors 
= to recompile for Itanium.” 

: — Nevertheless, he says, there are advantages to Intel’s separate 
architectures: Banias for mobile, Pentium for desktop PCs, Xeon for 


in a year, and desktop users will want 64 bits in three to five years, + workstations and low-end servers, and Itanium for larger servers. 


“when 4GB of memory will be pretty cheap,” says Fred Weber, chief 
technology officer for computation products at AMD. 


The companies’ different outlooks on the migration to 64 bits can 


: Each can be tailored and tuned to meet different objectives. The 
much-smaller AMD can't afford to do that, Krewell says. 


~ Gary H. Anthes 











mers. | ; ; 

advantage. To find out how leading companies are 
reaping the rewards of SAS customer intelligence 
software, call 1 866 270 5723 or visit our Web site. 


1AM A SHELL. 


| CAN FIGHT CANCER. | AM MERCENARIA MERCENARIA. | HAVE AN 
EXTRACT IN MY SHELL THAT HAS THE POWERTO SLOW CANCERS 

IN MICE. | HAVE THE POWER TO BE THE NEXT PENICILLIN. |! AM MORE 
THAN A SHELL. 





LAMA 
NETWORK. 


| CAN TURN SHELLS INTO MEDICINE. | HAVE THE POWER TO MOVE 
CLINICAL TRIALS ONLINE SO NEW DRUGS GET TO MARKET FASTER. 
| HAVE THE POWER TO PROTECT A PATIENT’S PRIVACY. | CAN USE 
THE POWER OF E-LEARNING TO LET DOCTORS SHARE RESEARCH 
WITH OTHER DOCTORS. I THINK SHARING IS CARING. | AM MORE 
THAN A NETWORK. 


Cisco SYSTEMS 


THIS IS THE POWER OF THE NETWORK. NOW. ) 


cisco.com/powernow 
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UAKER CHEMICAL Corp. 
faced a dilemma. The Con- 
shohocken, Pa.-based compa- 
ny wanted to bring a band- 
width-intensive enterprise 
resource planning (ERP) sys- 
tem online without making costly up- 


| grades to its frame-relay links between 


five locations in Europe and the U.S. 


| So Bubba Tyler, vice president and 


CIO, tried installing wide-area net- 
work traffic-compression 
appliances in each loca- 
tion. The devices freed up 
enough bandwidth to 

meet the needs of the ERP application. 

In fact, they performed so well that 


| Tyler is considering reducing the size 
of the existing connections. 


Companies with far-flung operations 


| are increasingly turning to traffic com- 
| pression appliances as lower-cost al- 

| ternatives to upgrading the bandwidth 
| of WAN links. The technology behind 
| these appliances isn’t all new, but cor- 
| porate IT budget constraints and a re- 


turn on investment in as short a time 


| as one year have made the devices an 
increasingly attractive option. 

Some of the compression algorithms 
used in these appliances have been 
around for a decade or more and have 
been available as add-on software or 
hardware to WAN routers from Cisco 
Systems Inc. and others. For example, a 
compression card can be added to Cis- 
| co’s 2600 router for $995 or to its 3660 
and 3700 series routers for $2,000. 

But with IT focusing on cost savings, 
several small WAN compression appli- 
ance vendors have jumped in with 
plug-and-play products that they claim 
are more efficient and easier to config- 
ure. The vendors claim that their tools 
improve throughput by a factor of two 
to 10 and boast higher compression 
rates than compression-enabled 
switches. 

Cisco dismisses the claims. “We’ve 
seen interest in compression for years 
but have never seen the market take 
| off,” says Kip Sides, manager of prod- 
uct marketing at Cisco. The reason: the 
“expense of deploying and managing 





WAN traffic-compression devices 
can free up bandwidth on busy links, 
eliminating expensive service 
upgrades. By Matt Hamblen 


COMPRESSION 
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it, and the benefits aren’t really that 
significant,” he says. “We could, over 
time, see a reasonable benefit to new 
technologies, but we are skeptical.” 

Some users and analysts disagree. 
Cisco seems focused on providing big- 
ger, more comprehensive networking 
platforms rather than compression 
add-ons, says Mark Fabbi, an analyst at 
Gartner Inc. in Stamford, Conn. 

Quaker Chemical’s Tyler says he 
didn’t want to go through the time and 
complexity of setting up his Cisco gear 
for compression, opting instead for ap 
pliances from Peribit Networks Inc. in 
Santa Clara, Calif. “We could spend 
days or maybe weeks tuning the Cisco 
switches and have to use other equip- 
ment to do the analysis, or we could 
just plug in the [Peribit] SR-50s and be 
up and running,” he says. 

The results speak for themselves, 
says Tyler. “We now estimate we won't 
have to add any bandwidth for our on- 
going growth in the ERP and other ap- 
plications we have on the drawing 
board,” he says. Instead, Tyler is con- 
sidering reducing the committed infor- 
mation rate on some frame-relay links, 
which currently range from 256K to 
1.44M bit/sec. The SR-50 appliances 
sell for $6,000 each, but he says it 
would have cost him three to five 
times that amount to increase band- 
width, depending on the link. 

GeoLogistics Corp. connected 29 
branch offices to its global data center 
in England using Accelerator 1800 de- 
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Quaker Chemical's 
WAN Traffic Crunch 


To accommodate a new, bandwidth- 
hungry ERP application, Quaker in- 
stalled Peribit SR-50 series compres- 
sion appliances across its frame-relay 
network. Now, instead of increasing 
link speeds, the company is considering 
reducing them. 


vices from Expand Networks Inc. at 
each site and two Accelerator 4800 
boxes at the data center, says interna- 
tional network manager Morey Straus. 
The Santa Ana, Calif.-based global 
freight logistics provider began adding 
the devices from Roseland, N.J.-based 
Expand in 2001, when bandwidth de- 
mands started rising as as result of a 
move from dumb terminals to PCs and 
thin clients. 

“When I first heard about Expand, 
my initial reaction was that it was 
probably just more Cisco compression, 
which gives you maybe a 15% improve- 
ment,” says Straus. “But with Expand, 
we've been getting between three to 
four and a half times the throughput. 
It’s a world away from Cisco compres- 
sion.” Straus says the system paid for 
itself in three months. His average cost 
to double the port speed from 64K to 
128K bit/sec. on one link was $8,000. 
He equipped each site with an Expand 
appliance for less than $2,000; the two 
boxes at the data center cost $20,000. 

Dreyer Medical Clinic in Aurora, IIL. 
deployed Accelerator boxes on each 
end of four 56K bit/sec. point-to-point 
circuits in northeastern Illinois, says 
Stephen Hart, network and systems ad- 
ministrator. 

“We didn’t want to upgrade the 
lines, since it costs from $600 to $2,300 
a month to install a Tl,” he says. The 
eight appliances, which have been de- 
ployed for about two years, cost 
$12,000, plus $250 annually per appli- 
ance for support, he says. Hart says the 





boxes paid for themselves in less than 
one year. 


: : men © m | 
Dreyer has since installed Citrix Sys- | 


tems Inc. thin-client applications, 


| which he says could be a “network 


hog,” but the system has been able to 
support that, he says. “We get up to 
nine times the performance increase, 
and there are no data integrity issues,” 
he notes. Most users have no idea the 
system is in place, he says. “I never get 
a call saying the system is running fast 
today, but it prevents a slowdown.” 


The Secret Sauce 


All the vendors use similar technolo- 
gies that find common bit or byte pat- 
terns, replace them with much shorter 
markers that refer to the original data 
and transmit those to the recipient. All 
appliances expand on older, well- 
established compression technologies 
such as Lempel-Ziv-Stac, named after 
its creators. But that doesn’t mean the 
appliances are standardized — or in- 
teroperable. Current offerings require 
the installation of identical compres- 
sion appliances on each end of a WAN 
link, usually inside the corporate fire- 
wall, to avoid security problems. 

Expand uses at least two different 
compression algorithms. Its appliances 
sort headers by type of traffic, such as 
file transfer protocol, and remove re- 
dundant information common to each 
traffic type. They then use a bit pat- 
tern-recognition algorithm that deter- 
mines data stream patterns and caches 
those on both sides of the WAN. 
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Peribit has patented a technique it 
calls Molecular Sequence Reduction 
(MSR) that’s based on pattern-recogni- 
tion algorithms previously used to 


study DNA, says Amit Singh, Peribit’s 


co-founder and chief scientist. He 
claims that MSR holds tens to hun- 
dreds of megabytes of patterns, while 
other devices examine only a 2KB win- 
dow of data before moving to the next 


window. MSR also has a built-in “adap- | 


tive dictionary” of patterns that puts 


| greater value on the most frequent and 


largest patterns seen in data streams. 
Peribit makes the highest perfor- 
mance claims, but analysts are dubious 


| about the company’s claims of techno- 


logical superiority. “Peribit has made 


lots of noise about its DNA connec- 


| tion, but its technology is not signifi- 
| cantly different than Expand’s, [and] 


Expand has been more successful with 
customers,” says Thomas Mendel, an 
analyst at Giga Information Group Inc. 
in Cambridge, Mass. Expand’s aggres- 
sive pricing may help explain that. 
Peribit responded in January with the 
introduction of a new low-end model, 
the $2,900 SR-20. 

WAN traffic appliances remain a 
niche market dominated by small play- 


| ers. Peribit has been shipping products 


for just 15 months and boasts 100 cus- 


| tomers worldwide, and Expand claims 
to have more than 500 customers. 


Both vendors and analysts expect 
more users to turn to these devices, 
but they differ in growth estimates. Jef 


| Graham, president and CEO of Peribit, 
| expects WAN traffic-compression 
| sales to shoot to $5 billion in coming 


years. “That’s overstated by a magni- 
tude of 10 or more,” counters Fabbi. 
Mendel puts that market, which is 
mainly held by Peribit and Expand, at 
about $20 million, and he says it will 
expand to $50 million in mid-2004. 
But Mendel also warns that the 
vendor landscape could completely 
change in the next two years. He ex- 
pects the market for stand-alone com- 
pression appliances to last perhaps an- 
other two years before the functions 
are absorbed into the next generation 


| of routers offered by Cisco and others. 


That means an IT manager should de- 
ploy only if he expects an ROI in a year 


| or less. “If you can’t calculate an ROI of 


| 
| 


12 months or less, don’t do it,” he says. D 


COMPRESSION DECISION 


Quaker's Bubba Tyler discusses the pros and cons 


QuickLink 36461 
www.computerworld.com 
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When Bad 
Happen to 


Aslick security product demonstration 
only serves to prove that vendors often 
don't think enough about what security 
managers need. By Vince Tuesday 


OW MUCH MONEY do 
you have in your bud- 
get? You have to be 
aware that this is very 
expensive software.” 

Ah, the not-so-sweet sound 
of the sales pitch. 

Much of my work as a secu- 
rity manager is like that of a 
juggler, always keeping balls 
in the air. My daily - 
goal is to deal with 
the next falling ball, 
be it a virus attack, 
a new e-commerce 


pected abuse. 

This week, howev- 
er, I was able to lift my gaze 
for a few days to think about 
future needs and meet with 
vendors. And once again, a 
slick product demonstration 
showed all too clearly one 
vendor’s fundamental inability 
to understand our needs. 


Two Challenges 

We are meeting with vendors 
to address two challenges. 
First, we need to better man- 
age the volume of security 
data we gather. Our antivirus 
applications, vulnerability 
data, intrusion-detection sys- 
tems, firewalls, routers, oper- 
ating systems and everything 
else we touch produce valu- 
able security data, but in dif- 
ferent formats. 

It’s expensive to train our 
staff to understand this mod- 
ern-day Tower of Babel, and 
it takes up costly extra time 
when we must deal with inci- 
dents. If we could automati- 
cally translate and link securi- 
ty events, we would reduce 
costs and further improve 
our defenses. 


SECURITY 
MANAGER'S 
project orsomesus- QQURNAL @ 


<j 


The second challenge is to 


| our signature-based approach 

| to detect unusual or anom- 
alous behavior that doesn’t 
match a known signature. Giv- 
en that the SQL Slammer 
worm is reported to have tak- 


en less than 10 minutes to in- 


fect every vulnerable system 
on the planet, it’s 
clear that waiting 
for an update from a 
vendor isn’t going to 
work on its own. 
Pulling together 
diverse security in- 
formation is a com- 


| mon problem, and many ven- 


dors have products to address 
it, including the vendor whose 


salesman finished up his ses- 
| sion with that pitch I quoted 


in the beginning of this article. 


| I looked into this area a few 


years ago, and the products 
were very immature. I was 
hoping that the latest versions 


| would have something inter- 
| esting to offer. 


We invited several vendors 


The product ran and 
worked, which in 
some ways was the 
curse of their presen- 
tation. If they had 
stuck with PowerPoint 
screenshots, we 
wouldn’t have seen 
| what made the whole 





thing useless to us. 
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Thin 
Good Demos 


to demonstrate how their soft- 
ware could save us time, effort 
and cost. 

The vendor I mentioned 
previously certainly put ona 
good show. Its salespeople ar- 


| rived with an entire network 


in a suitcase and proceeded to 
unpack and set up servers, 
clients and a hub. The product 
ran and worked, which in 
some ways was the curse of 
their presentation. If they had 
stuck with PowerPoint screen- 
shots, we wouldn’t have seen 
what made the whole thing 
useless to us. 


Poor Display 
The tool pulled in an enor- 
mous range of data, stored it 
in a database, correlated root 
causes and generated alerts on 
them. It sounded good. 

However, the front-end soft- 
ware had an awful graphical 
user interface. It was clunky 
and slow — an unpleasant 
thing to force on my analysts, 
who would use it day in and 
day out. 

The procedure that ad- 


| dressed the detection of corre- 


lated events was particularly 


| bad. A window popped up that 
| displayed an identification. 


But when I’m presented with 
an alert indicating that a 
whole series of linked things 
has happened, I want to see 
the details of all the underly- 
ing events and the reasoning 
used to link them, so I can un- 
derstand how to respond. The 
sales team understood this, so 
they had cut and pasted the ID 
into a SQL report and run a re- 
port against the database. 

But the whole point of this 
application was to reduce my 
team’s manual work. Why 
couldn’t we just click? Appar- 
ently, we could add our own 
scripts to take the action we 
wanted when an ID was 
raised. 

But isn’t the point of buying 





software to get something that 
does the work for me? If I 
wanted a framework, I'd just 
send all the money I have to 
BMC or Tivoli. 

Then came the deal-killer. If 
you wanted to see whether 
new events had occurred 
within that correlation, the 
tool couldn’t tell you. Instead, 
you had to rerun the report. So 


| you might get an ID for a few 


innocuous linked events and 
discount it, and unless you 
continually reran the report to 
check, a bunch of horrible 
events could be added under 
your nose. My team has 


| enough problems keeping up 


with the raw data without 
adding another layer of work. 
Not to worry, though. Ap- 
parently, these “minor” issues 
will be resolved in the next 
version. If a product saves me 


| alot of money, then I'll pay a 


lot for it. It’s simple, really. In 
this case, I don’t have to worry 
how expensive this tool might 


| be, since I won't be buying it. 


It looks like I won't be sav- 
ing money by automating our 
processes just yet. I’m sure 
some managed-service pro- 
viders have ways to do this 
well. But since that’s the core 
of their business, I doubt 
they'll sell it to me ona CD. 

Perhaps the new generation 
of anomaly-detection software 
will have something worth 
emptying my budget into. But 
I had best be off to meet with 
more vendors before all those 
balls I’m juggling start coming 
back down. B 


WHAT DO YOU THINK? = 


| This week's journal is written by a real 


security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at vince. 
tuesday@hushmail.com, or join the dis- 
cussion in our forum: 
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To find a complete archive of our 
Security Manager's Journals, go online to: 
@ computerworld.com/secjournal 
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Focus on the best in network security, every step of the way. 


Start with a secure foundation. Integrate the best in network security expertise. 
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From servers to service, Dell has the solution. 


Dell | Small and Medium Business 


Your business has unique needs. |t deserves a unique solution. From PowerEdge servers featuring Intel” Xeon™ 
processors to PowerVault Storage and PowerConnect Switches, we offer tailored solutions to meet your business needs 
And of course it's Dell, so you know you're getting the latest technology. But that's only half of the story. Dell offers 
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everything is backed by thousands of service and support people at your beck and call, on-site, online and on the phone 
Suddenly your IT infrastructure doesn’t seem so daunting. Let Dell's one-of-a-kind solutions put you on the path to 
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Web Server 


PowerEdge™ 1650 Server 


Highly Available 1U Rack-Optimized Server 
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PowerEdge™ 2650 Server 
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Presence 
‘Technology 


DEFINITION 


Presence technology allows a network user to know 
when another user is connected to the network and 
thus available to receive and immediately answer a 
communication. Instant messaging, pioneered by 
America Online, is the first and best-known example 
of a presence technology. 


BY RUSSELL KAY 
N TODAY’S INFORMATION 
economy, digital technolo- 
gies let us easily communi- | 
cate with colleagues and | 

customers around the 

world. E-mail has giv- 
en us an asynchronous 
communications 
medium that helps 
free us from the stric- 
tures of time-zone differences. nces, | tell 

We can send a message at any | 

time and get a reply at the oth- | 

er person’s convenience. 

But there can be times when | 
we may need a quick answer 
from, say, any of a dozen peo- 
ple, and it takes a while just to 
find one of that dozen who is 
available. 


UKs 
uy” 


With the growing use of in- 


stant messaging (IM) technol- 
| ogy, such as America Online 


Inc.’s AOL Instant Messenger 
_ | Am and Microsoft Corp.’s 
Messenger services 
we now have a better 
alternative. 

If we have those 
dozen people on our 
“buddy list,” we can 
tell at a glance if any of their 


| computers are logged onto the 


network and whether they’ve 
been active recently. We can 
tell if Judy in engineering is 
open to communications, and 


| we can send her a quick IM to 


ask a question. Her reply by 


| IM or phone can resolve the 
| problem efficiently. 


Standardizing IM and Presence 


THOUGH MANY INTERNET stan- 
dards make IM and presence 
technology possible, there aren't 
yet any definitive standards 
across the industry. However, the 
incompatibility of current IM prod- 
ucts, which has resulted in three 
major silos of users, may be com- 
ing to an end. 

The Internet Engineering Task 
Force's (IETF) recently approved 
a new working group to focus on 
the Extensible Messaging and 


Presence Protocol (XMPP). 
According to the group's char- 
ter (on the Web at www.ietf.org/ 
html.charters/xmpp-charter.html), 
“XMPP is an open, XML-based 
protocol for near real-time exten- 
sible messaging and presence. 
It's the core protocol of [Denver- 
based Jabber Inc.'s] Jabber In- 
stant Messaging and Presence 
technology, which is currently de- 
ployed on thousands of servers 
across the Internet and is used by 





| Inc, 


Although AIM started as a 
consumer-grade technology, it 
was quickly adopted by many 
businesses that saw its advan- 
tages in enabling quick com- 


| munications and providing 


presence information. 

The rapid growth in its use 
brought competition, notably 
from Microsoft and Yahoo 
which made their own 
products that interoperated 
with the AIM servers. How- 
ever, AOL soon managed to 
shut them out, and the result 


| for the past several years has 


been a plurality of competing 
networks of IM products that 


| can’t talk to one another. 


Compatibility? Interoper- 
ability? Standards? Not yet, 


millions of people worldwide.” 
Session Initiation Protocol 
(SIP), a signaling standard for set- 
ting up and managing communi- 
cations sessions between differ- 
ent media, is one of two key pro- 


: tocols for presence technology 


[QuickLink 35318). 

The other important protocol is 
SIP for Instant Messaging and 
Presence Leveraging Extensions, 


: which isn’t yet an IETF standard 
> but still serves as a uniform way to 
: add presence 


- Russell Kay 





but there’s hope for the near 
future (see box below). One 


potential complication is that 


in September 2002, AOL re- 
ceived a U.S. patent on IM 


technology. To date, AOL has 
given no indication that it in- 


tends to charge its competi- 
tors with infringement. 


A Wider Presence 

The traditional model of IM 
widening rapidly as more 
people carry handheld wire- 
less devices and as cellular 
telephones perform more 
functions. 


is 


LM Ericsson Telephone Co., 
Motorola Inc. and Nokia Corp. 


formed the Wireless Village 
Initiative to build presence 


technology into their mobile- 


phone services (also called 


m-presence capability). Offi- 


cially known as the Instant 
Messaging and Presence Ser 
vices Solution (IMPS), this 
should let users know if the 
people they’re trying to con- 
tact are available, even befor 
they pick up the phone. You 
only have to push a few but- 
tons to see if the other per- 


e 


‘ll 


son’s phone is turned on and if 


that person is on the phone, 
a meeting or even at lunch. 


in 


There’s even discussion of 


using Global Positioning Sys 


| tem technology in future ver- 


sions of m-presence to let you 
know where a person is even 


before you make the phone 


call. This is similar to recent 


moves to incorporate location 
data into cell phone transmis- 
sions for law enforcement and 


public safety purposes. 
Once that capability is in 
place, extending it to other 
devices and other inquiries i 
a potential next step. But 
before that can happen, we 
need more and better inter- 


S 


operability among messaging 


networks. DB 


Kay is a Computerworld con- 


tributing writer in Worcester, 


Mass. You may contact him at 


russkay@charter.net. 


Are there technologies or issues you'd lik 


Ke 


to learn about in Gackaeady? Send your 


To find a complete archive of our 
QuickStudies, go online to 
@ computerworld.com/quickstudie: 


Ss 





Getting the 
Messaging 


PUBLIC SERVICES: These 
include AOL Instant Messen- 
ger, MSN Messenger and 
Yahoo Messenger. These 
products: 

® Are available to everybody. 
® Are often free. 

® Use a centralized, third-par- 
ty server to relay messages. 


PRIVATE SERVICES: These 
three providers of public IM 
systems also have enterprise 
versions designed for corpo- 
rate use: AOL Enterprise AIM, 
Yahoo Messenger Enterprise 
Edition and Microsoft Mes- 
senger Connect for Enterpris- 
es. These products offer: 

® Secure IM 

= Message logging 

® Enterprise-class service 

= Corporate control of mes- 
saging servers and policies 


COLLABORATION TOOLS: 
These collaboration systems 
include presence technology: 
® IBM Lotus Sametime 
software 

® Groove Networks Inc.'s 
Groove Workspace 

® Microsoft's Windows 
Server 2003 


PRESENCE TECHNOLOGY 
PRODUCT VENDORS: 

® Bantu Inc. 

Washington 
www.bantu.com 

= Comverse Inc. 
Wakefield, Mass. 
WWw.comverse.com 

= Dynamicsoft Inc. 

East Hanover, N.J. 
www.dynamicsoft.com 

= FaceTime Communica- 
tions Inc., Foster City, Calif. 
www.facetime.com 

® Invertix Corp. 
Alexandria, Va. 
www.invertix.com 

= Jabber Inc. 

Denver 

www. jabber.com 

® NotePage Inc. 

Hanover, Mass. 
Wwww.notepage.com 

& PresenceWorks Inc. 
Alexandria, Va. 
www.presenceworks.com 
® Vayusphere Inc. 
Mountain View, Calif. 
www.vayusphere.com 
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SCO Group Ships 
OpenServer 5.0.7 


The SCO Group Inc. has released 
Version 5.0.7 of its OpenServer 
Unix operating system, with en- 
hanced hardware support, inte- 
grated open-source tools and a 
new SCO Update Service. It’s 
available in Enterprise, Host and 
Desktop versions and includes 
Universal Serial Bus 2.0 integra- 
tion and new driver support. It 
supports Intel Corp.’s Pentium 4 
and Xeon chips, as well as Athlon 
XP and MP chips from Advanced 
Micro Devices Inc. Lindon, Utah- 
based SCO has priced the operat- 
ing system starting at $699. 


Datastick Rolls Out 


Bluetooth Software 


Datastick Systems Inc. in Santa 
Clara, Calif., last week an- 
nounced new software that will 
use Bluetooth wireless technolo- 
gy to connect manufacturing- 
floor sensors to Palm inc. hand- 
helds. The software, Datastick 
Connection Plus BT for ICHM, 
runs on Palm’s Tungsten T and 
m500 series handhelds with 
Palm’s Bluetooth card. The soft- 
ware is available on a Bluetooth- 
enabled manufacturing-floor sen- 
sor from Oceana Sensor Tech- 
nologies Inc. in Virginia Beach, 
Va. Pricing wasn’t disclosed. 


Vendors Bring 
Office to Linux 


Tarantella Inc. and CodeWeavers 
Inc. are partnering to offer secure 
Web access to Microsoft Office 
and other Windows applications 
hosted on Linux servers. St. Paul, 
Minn.-based CodeWeavers will 
offer a new Internet-optimized 
version of CodeWeavers Cross- 
Over Office Server Edition, which 
allows Linux to run Windows ap- 
plications in a distributed thin- 
client environment. The software 
will be available next month as 
part of Tarantella’s Enterprise 3. 
Pricing starts at $2,380 for 25 
users from CodeWeavers and 
$150 per user from Santa Cruz, 
Calif.-based Tarantella. 
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And Here's 
‘The Pitch 


66 


ELCOME, FOLKS, to the first game 
of the software World Series, with 


Microsoft going up against the Cus- 
tomer. I’m Harv Coney, doing the 
play-by-play with my co-host, Hank Kee. 

“Bill Gates is the lead-off hitter for Microsoft, with 
Jean Paoli on deck. Bill will be facing right-hander 
Mark Kett tonight. Mark is famous for his Linux-ball, 
which has given Gates trouble all season. What do you 
think Bill’s going to do tonight, Hank?” 

“It’s hard to say, Harv. Bill is a good switch-hitter. 
Remember back in 1996 when Microsoft played Unix 
Expo in New York? He got an infield single by saying 
Windows NT was basically the same thing as Unix. 


But he’s almost sure to go 
for a Unix slam tonight.” 

“Here comes the first 
pitch. And it’s a Linux-ball, 
high and inside. Bill swings 
and misses with a com- 
ment about how hard it 
was for Microsoft to com- 
pete when IBM put all its 
resources behind OS/2!” 

“Wow, I don’t think any- 
one saw that coming, Harv. 

Everyone knows our bat- 
boy supported OS/2 more 
than IBM did.” 

“Good point, Hank. Now here’s the 
windup. And the pitch. Bill swings and 
misses with the ‘too many incompati- 
ble versions of Linux’ comment. That’s 
Strike 2. Kett fidgets on the mound. 
And here’s the windup for the 0-2 
pitch. He fires another Linux-ball, this 
time straight down the middle! Bill 
hits the ball down the left-field line 
with the comment that ‘Linux is like 
Unix, which is like building a 747 by 
committee,’ 

“Left fielder Reggie Stir gets a bead 





on the ball and catches it 
easily with the old joke 
about how Windows is like 
an attractive plane that ex- 
plodes in midair without 
warning. One out; and that 
brings up Jean Paoli.” 

“Harv, Jean’s had a pretty 
good batting average 
against the press with 
XML this year, but his 
overall average is low, es- 
pecially against pennant 
contenders.” 

“Here’s the first pitch to Paoli. It’s a 
Linux-ball low and outside for Ball 1. 
Kett works quickly; he winds and 
deals. It’s an OpenOffice change-up. 
Paoli swings with Office ll and hits it 
right to the shortstop, Sunny Micro — 
who boots the ball! Paoli rounds first 
base as Sunny finds the handle and 
throws it to Dot Org at second. Now 
the runner’s hung up between first and 
second! He’s got nowhere to go, and 
Dot runs him down and tags him for 
the second out.” 

“I suspected Jean might get himself 





| into a pickle. If he’s lying about open- 
| ing up the Office document format, 


there'll be a backlash from customers. 
If he really opens up the document 
format, the free OpenOffice will im- 
port those documents and draw away 
customers.” 

“That’s right, Hank. Well, it’s up to 


| the next batter, Pat Ent, to give Micro- 
| soft a little life this inning. Wait, it 


looks like Microsoft is sending in Dee 


| R. Emm to pinch-hit for Pat. Dee 
| spends most of her free time promot- 
| ing digital rights.” 


“Right now she has to worry about 


| Kett’s privacy-ball, Harv. She’s been 
| batting under .100 against that pitch all 


season. But she’s had her scouts out 
researching everything they can find 
out about Mark Kett and his pitching 
strategy, and I hear she has a pretty de- 


| tailed database on Mark — including 


what he does in his personal life.” 
“Here comes the first pitch. It’s a 
Media Player-ball low and inside. 
Emm hits it with a list of all the DVDs 
Kett has watched over the past six 


| months, but it’s out of reach in foul 


territory. Kett’s into his windup; he de- 
livers — and it’s way out of the strike 
zone. Wow, that was almost a wild 
pitch, Hank. Dee seems to have un- 


nerved him with that last swing.” 


“Maybe she hasn’t listed all of the 
DVDs.” 

“Good point, Hank. Now Mark 
comes back with the privacy pitch. 
Dee hits it deep into center field! Go- 
ing, going — gone! And it’s 1-0 Micro- 
soft, in the top of the first!” 

“Well, Harv, it looks like there’s 
plenty of excitement ahead. We'll be 
right back after this word from our 
sponsor, Microsoft.” D 
WANT OUR OPINION? 

For more columns and links to our archives, go to: 
www.computerworld.com/opinions 





Want to cut your IT costs without sacrificing 
performance? PRIMEPOWER Servers from Fujitsu. 


Attend our webcast to learn more: 
“Understanding The Role of Solaris and 


Linux Platforms in Tomorrow’s Data Centers: 


An IDC Webcast.” 
www. ftsi.fujitsu.com/services/idc 


The secret is out. PRIMEPOWER™ Solaris”- compatible 

servers from Fujitsu’ deliver a major breakthrough in 

price/performance compared to our more famous 

competition. Want proof? PRIMEPOWER servers offer 
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panies use them to boost their performance. And there’s a 
PRIMEPOWER server that’s right for any application you need— 
from single CPU, rack-mounted servers to enterprise-ready 
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All or Nothing 


General Motors farms out nearly all 
of its IT operations, while Bank One_ | 
has brought most of its IT work back | 
in-house. Their CIOs tell how | 
business needs and the economy 
guided their IT decisions. Page 42 | 


Predictable Surprises 

Many disasters are preventable if 
you know how to spot them coming, 
says Michael D. Watkins, who wrote 
an article about the subject in this 
month’s Harvard Business Review 
with Max H. Bazerman. Page 44 


OPINION 


| Look Before You 

| Leap to Outsource 
| Do your homework before 
| signing on the dotted line, 
advises columnist Bart 
| Perkins. Page 46 

Z| 





OUTSOURCING IS OFTEN A DIRTY WORD 
among the IT ranks, but CIO George 
Lin has used it to boost morale at Doc- 
umentum Inc., a maker of enterprise 
content management software in 
Pleasanton, Calif. 

When most companies outsource, 
Lin says, they “keep the core and out- 
source the context.” But Lin gives em- 
ployee satisfaction equai weight in the 
outsourcing decision. That has prompt- 
ed him to keep in-house some areas 
that many would consider 
“context” and outsource 
some that are “core.” 

“If everybody else is out- 
sourcing something, maybe 
you should too, but it really 
depends from company to company,” 
says Lin, whose unconventional ap- 
proach has made his IT group a model 
for out-of-the-box thinking at the com- 
pany. 

Lin isn’t alone. Iconoclastic IT lead- 
ers are learning that when it comes to 
outsourcing, thinking about the idio- 
syncrasies of your business is much 
more important than following the 
rules. For example, the IT help desk is 
often the first thing to go because it 
plays a supporting role that’s not seen 
as adding value. But an early attempt at 
outsourcing taught Lin that the help 
desk is the business’s window to IT. 

“No matter how good your back-end 
operation is, it’s only as good as it’s 
perceived at the help desk,” Lin ex- 
plains. “So if you outsource that with- 
out thinking it through, you can create 
an internal perception that customers 
are not getting the best service.” 

Lin’s philosophy also led him to out- 
source Documentum’s worldwide net- 
work, a core technology for the compa- 
ny, which is dispersed geographically. 
Senior network engineer Stan Wolf 
was spending too much of his time 
manually rerouting traffic among com- 
pany sites when the Internet or frame- 
relay network connections failed. 

“He was pulling his hair out trying to 
keep the network working,” Lin recalls. 
And because the company was grow- 
ing rapidly, the addition of more sites 


| 
| 
| 
| 
| 





would soon make things worse. 

Lin outsourced networking responsi- 
bility to Virtela Communications Inc. 
in Greenwood Village, Colo., which 
provides and manages a virtual private 
network across 39 Documen- 
tum locations. Each site now 
has a single primary con- 
nection for Internet and 
wide-area network (WAN) 
access and a fallback Digital 
Subscriber Line service in 

case of failure. 

Virtela manages every- 
thing, including the last- 
mile connection and the 
various intricacies of each 
site. 

The virtual private network has in- 
creased bandwidth at the sites by 25% 
to 100%, decreased latency by 10% and 
cut WAN costs by half. But most im- 
portant, Lin says, “we gave the network 
guy back his sanity. Now, instead of 
worrying about lights and switches, 
he’s really leveraging his skill set to 
help the business.” 

“It can be a big career boost for peo- 
ple when you outsource those things 
where you can’t add value as an inter- 
nal IT worker,” says Julie Giera, an ana- 

Continued on page 40 


| 
| 


Breaking 


utSOurcing 


| 
| 
| 





Boundaries 


Forget following the conven- 
tional rules. Focus on the idio- 
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Continued from page 39 
lyst at Giga Information Group Inc. in 
Cambridge, Mass. 

Wolf agrees. “This frees me up to 
focus on business requirements and 
overall service delivery to internal cus- 
tomers,” he says. 

Moreover, Lin’s unconventional ap- 
proach has made IT a model depart- 
ment. “Outsourcing has been a very 
critical component of our strategy,” 
says Documentum CEO Dave DeWalt. 
“I showcase George and his operations 
to our customers.” 


All in the Family 


Early in 1998, Y2k preparations and 
other large initiatives were straining 
human resources at Allstate Insurance 
Co. in Northbrook, Ill. Nearly 50% of 
the IT workers were contractors. “It 
was extremely expensive and getting 
more and more difficult to manage,” 
says Mike Scardina, assistant vice pres- 
ident for finance. Contractor turnover 
was also a problem. “People would 
walk out the door with two to four 
years of Allstate knowledge,” he says. 
Allstate had to find a way to keep its 
intellectual capital and lower costs. 

The solution was to bring outsourc- 
ing in-house. Allstate’s parent compa- 
ny, The Allstate Corp., developed its 
own offshore outsourcing operation, 
Northbrook Technology of Northern 
Ireland Ltd. in Belfast. “We went to 
Belfast and found the cost structure, 
language accessibility, culture and time 
zone all extremely advantageous,” says 
Scardina. 

Initially, Northbrook performed 
maintenance and low-contact develop- 
ment work that didn’t require much in- 
teraction with the U.S. group. But in its 
third year, the group is dealing more 
directly with users in the U.S., main- 
taining or developing more than 60 
Allstate systems, including Unix ad- 
ministration, security, financial and in- 
frastructure applications, and technol- 
ogy for agents, call centers, underwrit- 
ers and claims. Costs have been re- 
duced by more than half. 

Northbrook also has been a source 
of skills in newer technologies that are 
harder to find in the U.S. marketplace, 
such as speech recognition. “It’s a 
great resource for us,” says Chief Tech- 
nology Officer Cathy Brune. “And we 
don’t have to think twice about the 


contract or developing a whole new re- | 


lationship,” because the people are em- 
ployees of the parent corporation. 

The six-hour time difference gives 
Brune additional flexibility for shift 
work, but it also allows real-time com- 
munication during the day. 
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“It’s pretty clever,” says Giga’s Giera. 


| “I think you’re going to see this contin- 


ue as a trend. Just as companies moved 
manufacturing offshore because it’s 
cheaper to make sneakers in China, 
programming and IT can be another 


| business process to move offshore.” 


But it’s not for everybody, she adds, 
citing a large bank in New York that 


| created a subsidiary in India that failed 
| because business units resisted send- 
| ing work out. “The key is to have exec- 


utive support, enough work to support 
it and an incentive for the business 


| units to use the offshore facility,” she 


says. “Otherwise, it won’t succeed.” 
It’s also important to treat such out- 
sourcing arrangements as business — 


We don’t have 

to think twice 
about the contract or 
developing a whole 
new relationship 
[because the people 
are employees]. 


CATHY BRUNE, CTO, ALLSTATE 
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Bring outsourcing back 
in-house to retain talent and lower costs 
by creating an offshore outsourcing enti- 
ty, Northbrook Technology of Northern 
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Costs have been reduced by 
more than half, and Northbrook is a 
source of skills in newer technologies 
that are harder to find in the U.S. 
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not family — relationships, says Stuart 
Kliman, a director at Vantage Partners 
LLC, a consulting firm in Boston that 
specializes in helping companies insti- 
tutionalize their relationship manage- 
ment capabilities. “You shouldn’t as- 
sume just because you own [the out- 
sourcing unit that] you will work effec- 
tively with them,” he says. “I would at- 
tend to the core organizational work- 
ing relationships with as much if not 
more discipline than I would with a 
traditional provider.” 

Northbrook is handling all of All- 
state’s outsourcing, and the demand 
for its services continues to grow as 
business units look to cut costs. The 
Northbrook staff has grown to more 
than 700, with 2003 revenue in excess 
of $30 million, and Allstate’s U.S. IT 
staff has grown as well, Brune says. 


The Hybrid Approach 


In a financial services company like 
Coast Capital Savings in Vancouver, 
British Columbia, the technology for 
the banking operation is about as core 
as you can get, but Coast Capital out- 
sources it — sort of. 

CIO Joel J. Rosenberg uses Sanchez 
Computer Associates Inc. in Malvern, 
Pa., an outsourcer that develops and 
maintains core banking technology for 
financial institutions throughout the 
world. But his internal IT employees 
have access to the Sanchez source 
code, enabling them to connect the 
core system to custom applications 
such as data warehouses, ATMs and 
debit card systems. “We'll leverage the 
vendor’s expertise and skills as we see 
fit in terms of business needs,” says 
Dave Smart, manager of business solu- 
tions. “Because we have the source 
code, we're able to meet business 
needs with in-house resources.” 

“They focus on improving the tech- 
nology platform,” Rosenberg says. 
“Our internal IT people focus on is- 
sues closer to the customer.” For exam- 
ple, the IT group is currently integrat- 
ing the core system with a new custo- 
mer relationship management system 
from Talisma Corp. in Kirkland, Wash. 
“Banking data and information will be 
flowing in real time,” says Rosenberg. 
“Tt requires real-time linkage, so our 
folks are working on that.” 

“We understand the business re- 
quirements and do business program- 
ming,” Smart says. “We don’t do low- 
level programming. We don’t support 
the database. That’s a skill set we’re 
not interested in.” 

Giera says leveraging in-house skills 
is a good way to do more with less. 





| “That’s where companies get the most 
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value out of their programming staff, 
because they know not only the tech- 
nology but also the business,” she says. 
It’s also economical. After a recent 
merger with a financial institution that 
was planning to convert to a new sys- 
tem, the new partner was drawn into 
the hybrid arrangement, partly be- 
cause it was expected to deliver 80% 


| savings over projected costs. 


Kliman applauds the practicality of 
hybrid outsourcing, but he notes that 
this type of relationship brings chal- 
lenges. “Companies in this situation 
should really pay attention to the proc- 
esses they put in place to enable their 
in-house folks to work effectively with 


the outsourcers,” he says. “If they don’t 


manage that well, negative perceptions 
and trust problems could lessen the 
value.” 

Keeping your priorities straight is 
the key to successful outsourcing, says 
Documentum’s Lin. “Outsourcing 


| should improve the agility of the busi- 


ness and the agility of the IT organiza- 
tion and make it more effective,” he 
says. “When it’s done right, outsourc- 
ing is a win for everybody. If you real- 
ize cost savings, that’s a bonus.” D 
Melymuka is a Computerworld 
contributing writer. Contact her at 
kmelymuka@earthlink.net. 
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GMand 

Bank One 
take opposite 
approaches 
to outsourcing. 
By Thomas 
Hoffman 


Al 





Of 
Nothing 
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INSOURCING VS. OUTSOURCING. It’s the 
great debate these days for many IT 
executives who are struggling to cost- 
justify the most effective way to run 
their IT operations. 

But experts say it’s not a question of 
right or wrong, but of which strategy 
best fits a company’s business model. 

General Motors Corp. 
and Bank One Corp. an- 
swered the question by 
taking divergent paths. 
Along with the business 
rationales behind their 
strategic choices, the CIOs at the two 
companies offer up some of the tough 
lessons they have learned along their 
separate ways. 


GM's Third Wave 


For many people in the IT industry, 
GM has become synonymous with out- 
sourcing. The $186.6 billion auto giant 
purchased Electronic Data Systems 
Corp. in 1984 from Ross Perot and out- 
sourced virtually all of its IT opera- 
tions to the Plano, Texas-based IT 
services provider under a precedent- 
setting 10-year, $40 billion agreement. 
In 1996, GM spun off EDS to operate 


| 
| 
| 
| 


ue 
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as a stand-alone company and began 
redistributing some of GM’s IT work 
to other services firms such as IBM, 
Cap Gemini Ernst & Young and Accen- 
ture Ltd. During its 12-year exclusive 
arrangement with EDS, GM encoun- 
tered its share of problems in the rela- 
tionship, but the automaker’s commit- 

ment to an outsourced 

model remains fervent. 

“If you don’t put a model 

in that works, it makes 

it look like outsourcing 

doesn’t work,” says Ralph 
Szygenda, GM’s CIO since June 1996. 
He insists that most companies that 
switch from an outsourced to an in- 
house approach “typically don’t have 
the right model in place to manage 
outsourcing.” As a result, they mistak- 
enly end up blaming outsourcing as 
a discipline. 

Szygenda acknowledges that “GM 

had done things wrong in outsourcing 


| its work, but we changed the model; 


we didn’t go back and insource.” Early 


| Outsourcing mistakes that GM later 


corrected include contracting a single 
source for services and farming out 
management and IT architecture 





www.computerworld.com 


RALPH SZYGENDA 


AYileecci it murirt ll 
of GM's global outsourcing model. 


Improves speed and agility 
MPR emir Uke Cmnlieim 
FUR eee ce ella rem eee leh T iA 


Mae ene Bit) 
Oeil e al mer eee 
EME Cue REM lenii Cm leme cy 
Or Meee ra Mea CR UCR Reto 


responsibilities to a third party. 

Today, in what he calls the compa- 
ny’s third wave of outsourcing, Szygen- 
da and his team of 1,700 IT employees 
manage GM’s outsourcing relation- 
ships with a multitude of vendors, in- 
cluding all of the major outsourcing 
companies. The GM IT group also 
oversees the various vendors’ relation- 


| ships and alignment with GM’s eight 


global operating groups and major 
subsidiaries, including GMAC Finan- 
cial Services, Hughes Electronics Corp. 
and GM Locomotive Group. 

During the first wave of outsourcing, 
by contrast, GM handed all of its IT ac- 
tivities over to EDS. “Pricing was too 
high because there wasn’t any compe- 
tition,” says Szygenda. 

Even if a single outsourcer has the 
best intentions to get the job done, 
there’s no incentive for it to complete 
tasks within budget and scope, because 
there’s no threat of it being replaced, 
he notes. 

GM has also learned that it’s a mis- 
take to outsource strategic manage- 
ment of its IT environment and archi- 
tecture to a third party, which is what 
it did under the original agreement 
with EDS. After Szygenda was brought 
in and launched the second wave in 
1996, he brought strategic IT manage- 
ment and information systems archi- 
tecture in-house to be driven by GM. 
Szygenda put in place two layers of IT 
management at the start of the third 
wave. These managers report to him 


| and oversee GM’s relationships with 


outsourcers and the business units that 
they support. 

“Every CIO who reports to me has a 
budget that they’re measured against,” 
says Szygenda. The outsourcers all 
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have to work within the framework 
that GM has devised, and while they’re 
required to understand the GM busi- 
nesses that they support, “they don’t 
direct the business,” Szygenda says. 

Szygenda and his lieutenants believe 
that GM’s existing outsourced model 
works well for a company its size be- 
cause it brings the auto giant improved 
speed and agility for IT decision-mak- 
ing and execution. For example, before 
GM brought Kirk Gutmann over from 
Navistar International Corp. in 1997 to 
be global product development infor- 
mation officer, GM’s global operations 
were bloated, the quality of its vehicles 
was sagging, and it was taking nearly 
four years for the company to bring a 
new vehicle to market. 

By tapping into a group of specialty 
IT service providers, including Micro- 
soft Corp. and Hewlett-Packard Co., 
and automating many of GM’s opera- 
tions, Gutmann has been able to help 
remove more than $1 billion from GM’s 
costs and reduce the time to market for 
GM vehicles to 18 months. 

GM’s revised outsourcing approach 
of deploying a wide variety of IT ven- 
dors instead of a single vendor such as 
EDS “has allowed us to shift resources 
more quickly,” says Gutmann. Syzgen- 
da says it has also helped bring about 
double-digit gains in GM’s engineering 
productivity, in part through GM’s 
savvy use of technology. 

GM has driven other hefty bottom- 
line benefits from its outsourcing mod- 
el. In 2001 and 2002, GM achieved its 
first consecutive years of market-share 
gains in 25 years. The company has 
also cut $800 million annually from its 
IT costs for the past seven years. Still, 
Szygenda is the first to acknowledge 
that GM’s outsourcing model wouldn’t 
work for all companies. “There is no 
one answer for any company. You have 
to go in and decide what is best for 
that company,” he says. 


Depositing IT at Bank One 
Chicago-based Bank One has taken a 
considerably different approach to 
managing its IT operations. In 1998, it 
signed a six-year, $1.4 billion contract 
with AT&T Solutions to manage the 
bank’s voice and data networks and 
build an IP-based networking platform. 

As part of that agreement, the bank 
also inked a seven-year, $420 million 
pact with IBM to manage most of its 
data center operations, including help 
desk support. At the time. Bank One, 
then called Banc One, was in the proc- 
ess of merging with First Chicago 
NBD Corp. 

Since then, a lot more than the name 
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Savvy 
Tips 


= An outsourcing model needs 
effective checks and balances. 
GM compiles report cards for all 
the vendors it works with, grad- 
ing them in 20 areas. 


= Competition is key. Using 
multiple vendors is critical to 
motivating them to strive for 
quality and keep costs down 


= Don’t outsource control of 
your company’s IT architecture 
or business processes. 


= Make sure that there's a 
strong business case for out- 
sourcing specific IT functions 


= Management controls - 
including project tracking and 
management systems - are keys 
to success. 


= One outsourcing model won't 
work for every company. 


has changed. The bank brought in a 
new CEO, Jamie Dimon, a tech-savvy 
veteran of Citigroup Inc., and CIO 
Austin Adams, the former CIO at First 
Union Corp. in Charlotte, N.C. The 
bank also negotiated to end its original 
contracts with AT&T Solutions and 
IBM before they were due to expire. 


| 
| 
| 
| 





Today, Bank One is intent on main- 
taining a ratio of 90% in-house IT staff 
and 10% contractors, most of whom 
are application developers. Compare 


| that with a 70%-to-30% ratio just two 


years ago. The key driver behind the 
change is the dramatic shift in the IT 
labor market since the go-go days of 
the dot-com craze, when Bank One 
was having trouble recruiting skilled 
IT workers. 

“If we would have approached [IT 
and telecom workers] about working 
for a bank four years ago, they would 
have laughed at us,” says Adams, who 
in March 2001 joined the bank, which 
has $277 billion in assets. “The world 
has changed a lot in the last 
three or four years. We’ve 
been able to attract a lot of 
technology talent from 
firms that have been chal- 
lenged over the last couple 
of years.” 

One of the key accom- 
plishments under the insourced IT 
model was a $500 million system con- 
version project that put all of the 
bank’s transaction-related systems, in- 
cluding deposit, loan and treasury sys- 
tems, on a single platform. The project 
started in 2001 and was completed in 
four stages, wrapping up in November 
2002. The bank expects the conver- 
sions to help it cut $200 million in an- 
nual operating costs, improve cus- 
tomer service and give it the ability to 
more quickly implement new products 
and services. 

Adams insists the decision to re- 
scind the outsourcing agreements with 
IBM and AT&T Solutions last year 
wasn’t a result of dissatisfaction with 
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to offshore outsourcing 
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either vendor. In fact, the bank still 
does business with both, he says. 

“Tt’s not an issue with an entity; it’s 
philosophical about how we want to 
do business,” says Adams. “We feel 
strongly that technology is a key part 
of our company, and our ability to 
drive that is key and something that we 
want to more directly control.” 

It also has to do with containing 
costs. Adams says the business case for 
outsourcing those IT and networking 
functions no longer exists for Bank 
One. For instance, he notes that the in- 
cremental cost for a company its size 
to buy hardware, software and services 
directly from manufacturers and ser- 
vice vendors “is significant- 
ly lower” than the premi- 
ums it would have to pay an 
outsourcer to provide those 
resources. 

Adams acknowledges 
that there’s a lot of diver- 
gence among CIOs over 
outsourcing. In Bank One’s case, he 
says, “we have a CEO who’s very tech- 
nology-literate and very supportive of 
us and our ability to manage this 
space.” That helps explain why Bank 
One has recruited 1,800 IT profession- 
als during the past 17 months, bringing 
its IT staff to 4,000 people. 

Although Adams and Bank One re- 
main committed to insourcing, he 
wouldn't rule out outsourcing some of 
its IT functions under the right circum- 
stances. “I wouldn’t bury my head in the 
sand if there was a better value proposi- 
tion,” he says. “It isn’t a philosophy em- 
bedded in stubbornness but more about 
the environment and the business case 
and the economic conditions.” D 
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What keeps databases in game shape? DB2 v8, the most advanced self-managing 

database across Linux? UNIX® and Windows? Turbocharged querying and tuning 

saves time, resources and pushes productivity skyward. And, no matter what form (© business is the game. Play to win” 
your data is in, it lets you access, analyze and manage it. DB2. It's part of the software F 

team that includes Lotus? Tivoli® and WebSphere® Learn more at ibm.com/db2/new 
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US Airways Keeps EDS 


US Airways Group Inc. has accepted a 


revised outsourcing contract with Elec- | 


tronic Data Systems Corp. that it had 


threatened to cancel. Terms of the new | 


deal weren't disclosed. Under a 25- 
year contract signed in late 1997, 
EDS provides the airline with data 
processing and telecommunications 
services for reservations, ticketing, 
baggage tracking, and flight and data 
security. The original agreement was 
valued at about $200 million per year. 
US Airways, which has been under 


Chapter 11 bankruptcy protection since | 


August, had accused EDS of failing to 
honor the contract's “most favored 
customer” clause by providing better 
terms to American Airlines Inc. 


IT Spending Sluggish 
According to recent survey results from 
Forrester Research Inc., only 27% of 
North American IT decision-makers 
said they will increase their staffs this 
year. And although 35% said they will 
increase IT spending by an average of 
1.9% in 2003 - a decline from 2.3% 
in 2002 - the amount of IT being out- 
sourced will inch up from 13% last 
year to 16% for 2003. 
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Look Before You 
ap to Outsource 


OST MAJOR CORPORATIONS are 
considering outsourcing everything 
from the corporate cafeteria to IT and 
beyond. Outsourcing is often touted 
as an easy way to achieve more func- 
tionality for less money, with less aggravation. 


But how do these deals 
actually turn out? Cus- 
tomer-satisfaction re- 
searchers at a major IT 
outsourcer report that 
most outsourcing relation- 
ships deliver less-than- 
expected results, often 
leaving both sides disillu- 
sioned by the end of the 
first year. 

If you want to pull the 
plug on your outsourcing 
deal, be aware that doing 
so is difficult and expen- 
sive at best — outsourcing 
is primarily a one-way 
street. You can avoid many 
outsourcing pitfalls by do- 
ing your homework before 
you negotiate a contract: 

1. Define explicit outsourcing boundaries. 
Many outsourcers will try to persuade 
you to outsource most or all of IT. 
Most corporations are willing to out- 
source commodity functions, but not 
the areas that give the corporation its 
competitive advantage. Don’t allow 
yourself to be pushed into outsourc- 
ing more than you have determined is 
appropriate. And never outsource one 
piece at a time without a master pian 

2. Understand your motives for outsourcing. 
Before entering into an outsourcing 


| 


| 
| 
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agreement, ruthlessly assess your mo- | 


tives. Are you primarily seeking to cut 
costs, improve service or allow man- 
agement to focus on the business? Or 
has your company simply decided that 
IT isn’t a core competency and just 
wants to get rid of the aggravation? 
Being clear about your reasons will 


allow a fair evaluation of 
the outsourcing deal after 
the first year. 

3. Carefully analyze and un- 
derstand your cost structure. 
Identify and remove ineffi- 
ciencies before outsourc- 
ing; otherwise, only your 
outsourcer will benefit. 
Evaluate your cost struc- 
ture in sufficient detail to 
have leverage over your 
outsourcer. Beware of any 
outsourcer that offers to 
cut your costs x% without 
doing any analysis! 

And if your outsourcer 
uses the new “utility” pric- 
ing for on-demand com- 
puting, make sure you 

understand all the implications — 
there’s not a lot of industry experi- 
ence with it yet. 

4. Analyze the total cost of outsourcing. Be- 
fore you weigh the price of outsourc- 
ing against your current costs, start 
with the outsourcer’s bid, then add 
the costs of preparing and evaluating 
a request for proposals, the migra- 
tion/switching costs and the cost of 
managing the outsourcer. 

5. Assess the hidden effects of outsourcing. 
Outsourcing imposes discipline on 
your organization. Shifts in architec 
tural direction can be more difficult. 
Unplanned changes become expen- 
sive and may not occur in the time 
frame you desire. Adapting to the rig- 
orous processes required by an out- 
sourcer may be difficult in some 
corporate cultures. 


6. Closely examine security and privacy. 





The new cyberdisclosure laws will 
essentially make security breaches at 
your outsourcer equivalent to securi- 
ty breaches at your own company. 
You will be equally responsible 
whether your customers’ data is com- 
promised, stolen or hacked at your 
site or the outsourcer’s site. Your ex- 
posure and liabilities are significantly 
multiplied — investigate carefully. 

7. Communicate honestly with your staff. 
Outsourcing generates apprehension, 
and rumors will fly. Unless you have a 
compelling message and communi- 
cate candidly, your best people may 
walk out the door. 

8. Design a viable exit strategy. Supplier 
failures are occurring at an alarming 
rate. Explore options and fallback po- 
sitions before you need them. 

9. Make sure initial stakeholders on both 
sides remain accountable. Many outsourc- 
ing arrangements fail because the 
original stakeholders disappear and 
their replacements are often far less 
committed to the deal. 

10. Consider offshore options. Advances 
in communications technology have 
made offshore outsourcing increas- 
ingly viable. Costs can be significantly 
lower. But understand the impact of 
international travel, language difficul- 
ties and time-zone differences on 
your business. 

The foundation of successful out- 
sourcing is clearly understanding 
what you are outsourcing and why. 
Outsourcing can be an excellent solu- 
tion, but it’s not a panacea. Don’t 
follow the outsourcing lemmings 
blindly over the cliff. Make sure you 
fully understand what, why, when, 
where, who — and how much. } 





- OFFSHORE OUTSOURCING 


To read about the debate surrounding offshore 
outsourcing, visit our Web site: 


QuickLink 36712 

Want our opinion? For more columns and links 

to our archives, go to: 
www.computerworld.com/opinions 
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EASIER TO MANAGE, 
‘SAVES MONEY. 


SLAM DUNK FOR THE 
NEW LOTUS NOTES. 
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IBM, DB2, Lotus. 
trademarks of Ini 


Introducing Lotus Notes*/Domino™ 6. It’s the easiest to manage, most cost-effective 

Notes/Domino ever. It streamlines administration, frees up network resources and 

slashes downtime. Storage costs can fall by up to 15%. Notes/Domino 6 has unsurpassed @ business is the game. Play to win” 
power and control for managing thousands of users. Lotus, part of the software team , 

that includes WebSphere® DB2° and Tivoli? Take a test-drive at ibm.com/lotus/win 





hae Mates eS 


Software Engineers & 
Programmers Anaiyze 
design, test and implement 
software applica- 
ommerc eb. 
Server technologies 
is and distrib 
apps. in Weblogic 

Apache, Mainfra 
J2EE, PB and related 
nologies utilizing appre 
priate RDBMS including 
and C HR 

Inc., 906 


#206, Lisle. 


tor, Dream 


Windows z 

BM AS 

and all network devices 
database programs for Athen: 
GA plant. Must have: BS in com 
puter scien eng'g 

ne: administration or 

field and 2 yrs exp in job offered 
or in Computer Operations 
Analysis or related 
Respond to HR Manag 
Athena Drive, Athens 
30605 Refer to Code: AR. No 
job placement agencies need to 
apply 


Computers-Programmer 
Analysts needed. Seeking qual. 
candidates possessing BS or 
equiv. and/or rel. work exp. Part 
of the rel. exp. must 
jude 1 yr. working with Visual 
MS SQL 
(AIX) and 6 months working with 
Work with 3 of the 

SQL Server 

Unix (AIX 


arver & Unix 


idows NT, Oracle & People 
Fwd. resume & ref. to 
ia, Inc., Attn: HR 


Morrison Rd anna 


Support}} 
Specialist sought by] 


iStonebridge 
Hospitality Assoc's 
iw/Bach in Comp 
Sci/Eng or related 
field w yrs exp 
Respond by resume 
lito HR Dept, 9100 E. 


Panorama Dr, #300,}} 
\}Englewood, CO} 


System Administrator want- 
ed to install, configure, sup- 
port and maintain networks. 
Bachelor's degree in a Com- 
puter related field and 2 yrs 
experience in job offered or 
Systems Administration in 
mmunication envi- 
ronment. Experience must 
include TCP/IP, Ethernet and 
resumes 


Code 


Technical Marketing Manager 


develop, & 

Tr age busin s relationships 

& partnerships. Prospect gener- 
n, preparation & pre 


Initiate, engage 


on of solutions & prof ! 
preparation & finalization. MBA 
Masters in Business: 
& 1 yr. exp. Must be willing to 
travel, use UNIX, Wind SEI 
MM & iSO Concepts. 40.0 
wk 9:00 AM 6:00 PM 
Applicants send cover letter and 
resume to: SRA Systems 
Limited, 1945 ff Valley Way 
#270, Atlanta, GA 30329, ATTN 
M. Ankarath 


Programmers needed. Seek- 
ing candidates possessing BS 
or equivalent and/or rel work 
experience. Duties include 
Analyze program applications 
Develop and deploy applica- 
tions; Integrate applications 
Work with 2 of the following 
va, J2EE, VC++, COM, First 
Visual Basic and Crys- 
tal Reports. Mail resume, ref- 
erences and salary require- 
ments to: Marketing Response 
Systems, Attn: Mel, 980 
American Pacific Drive, #104 
Henderson, NV 89014 
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puter Support Specialist 
onsible for scoping, planning 
and implementing legacy applica- 
and trair 
in tool 


GUI/400 
have 3 
k backgrc 
included providing technic 
support services oftware an 


work end s and suppc 


Attn: Corporate Re 
7 Bridger te Parkway 


Mateo, CA 94404. EEOE 


Sr Software Engineer 
for s/ware co_ in 
Rochelle Park, NJ. Must 
have Master's degree in 
Comp Sci/Comp Eng or 
reltd field & 5 yrs exp in 
job offered or in s/ware 
development position 
Send resume to: Matrix 
Info. Consulting, 365 W 
Passaic St, Rochelle 
Park, NJ 07662, attn: 
Rob Bigini 
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COMPUTERWORLD, 
AND INFOWORLD 


ea 
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HELP You Do 


A BETTER JOB. 


ceo uatca westerly 
fefep abate bun (sty 


Now Let Us HELP 
YOu GET ONE. 


e-ssential 
Pefsp uater-bul=t-} 


CALL: 


e-normous 
opportunities 


'b aGr Rael oh eS 


1-800-762-2977 
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Computerworld + InfoWorld » Network World * March 10, 2003 
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LAGE Meos eS 


You can 
finda 


bette 
JOB 


with one 
nd tied 
ehind 


your back. 


Just point your 
mouse to the 
world’s best 


IT careers site. 


Brought to 
you by 
Computerworld, 
InfoWorld and 
Network World. 


Find out more 
Call your 
ITcareers Sales 
Representative 
or 
Nancy Percival, 


1-800-762-2977 


careers.c 


Where the best 
get better 


CWO030310E/WiMW.2 


Developer sought by oncology/ 
therapeutics div. of pharma R&D 
co. in San Francisco, CA. Candi- 
date must have a Bachelor's de- 
gree or equiv. in Computer Engin: 
eering or related. Min. of 5 years 
experience in application develop- 
ment & database design & devel- 
opment on Oracle platform re- 
quired. Extensive exp. in OOAD. 
Object Oriented Programming. 
DBA, database design tools, data 
modeling tools (ERWin), SQL 
PL/SQL, Unix (sheliscripts, FTP 
automation), Java, Oracie 8i data- 
base, Oracle 11i applications (order 
fulfillment), Blue Martini CRM and 
HTML, pharma. pricing s/w cus- 
tomization required. Experience in 
pharma. pricing required. Must 
have strong analytical skills in pric- 
ng infrastructure, information ser. 
vices & data analyses, & excellent 
oral & written communication skills. 
Send resumes to: OTN, Staffing 
Dept., 395 Oyster Point Bivd., Suite 
405, South San Francisco, CA 
94080, Job Code: VM-764 or fax 
resume to: (650) 737-9576 or email 
to: jobs.otn@otnnet.com 


Sr. Programmer/Business Analyst 
(Chicago, IL) Participate in archi- 
tectural design and use case 
analysis on web-based mgt info 
syst. w/ Oracle/Win2000 env. 
using PL/SQL, VB, TOAD, MS 
Project and Rational Robot; inter 
face b/t info tech and business 
groups to identify user needs. 
prepare busi. requirement docu- 
ments, and develop project pack- 
ages applying JAD and RAD 
Requires BS in Com.Sc., Engr. or 
MIS plus 3 yrs. exp. Full- 
time/competitive salary. Resume 
to: HR NetEffects, inc 10 
Chesterfield C Ste.350, St 
Louis, MO 63017 


SR. SOFTWARE ENGINEER 
sought by Graphic Enter- 
prises of OH to dvip & support 
s/ware prodcts for newspaper 
indstry using Win NT/2000 
98/95, SQL, C/C++/Visual 
C++, COM/ATL, MFC, VB, 
VBScript, Visual.Studio.NET 
Java, JavaScript, Win 32 
APIs/STL, HTML, XML & 
HTTP. Deg in Comp Sci/Engg 
& significant work exp req'd 
Send resume to HR, Graphic 
Enterprises Inc 3874 
Highland Park NW, North 
Canton, OH 44720 


Demantra, Inc. seeks Sr 
Application Consultant to design 
demand planning — technical 
architecture; serve as demand 
planning & forecasting expert; & 
work w/customers to improve 
planning process. Hands-on 
involvement in all phases of 
Demand Chain solution, from 
business analysis to implemen- 
tation & support. Operate db 
systems to integrate demand- 
planning product in ERP & 
Supply Chain envir Job 
involves extensive travel 
Resume/cvr itr to: Demantra 
Inc; HR; 767C Concord Ave 
Cambridge, MA 02138. 


Softwaie Engineer to research, 
develop computer graphics soft- 
ware on Macintosh & Windows 
using C/C++ under MS Visual 
Studio; work on DTP features of 
the product-text input ( including 
European & Far-Eastern Asian 
character sets & input methods), 
text layout, font caching & ren- 
dering, GDI printing & PostScript 
printing; 40hpw M-F 
$52,000/yr., req. bachelors in 
computer science or related field 
plus 6 mos. exp. Fax resume to 
J. Miranda, Deneba Software, 
Inc., 1150 NW 72nd Ave., Suite 
180, Miami, FL 33126, (305) 
406-9802 
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Mercury Interactive Corpor- 
ation is the world’s leading 
provider of solutions that auto- 
mate testing, quality assurance 
and application performance 
management for e-business. 
enterprise resource planning 
and client/server applications. 


Mercury and its subsidiary 
Freshwater Software currently 
have exciting opportunities 
available at our worksites 
throughout the US, including 
Sunnyvale, CA; Boulder, CO 
for the following positions (all 
levels/all types) 


* Software Engineers (& 
Consultants) 

+ Systems Analysts/Engineers 
(& Consultants) 

+ Database Administrators 

+ Product Managers 

* Customer Support Analysts 


Please send resume to 
Mercury Interactive Corpor- 
ation with cover letter to 
Human Resou Dept. fax 
408-822-5514 or email your 
resume to jobs@merc-int.com 
For additional information on 
these and other positions, visit 
our web site at www.mercuryin- 
teractive.com Mercury 
Interactive Corporation is an 
equal employment opportunity 
employer committed to the 
development of a diverse work- 
force. 


1. 


MERCURY INTERACTIVE 


A Chicago Japanese restaurant 
is seeking an Info. System 
Manager develop/operate 
info. sys. to imate food con- 
sumption, place orders with sup- 
pliers, and Li ge daily 
restaurant < tions; install 

c restaurant-wide 
info. sys. to ease the record- 
keeping/paperwork adminis- 
ter/program a computer program 
to keep track of employee 
schedules/pay; install/operate 
Point-of-Service (POS) systems 
to increase employee productiv- 
ity and to track the sales of sp 
cific menu items; Administer 
program a computer system 
which totals checks, act as a 
cash register/credit card autho- 
rizer, and track daily sales; use 
inventory tracking software to 
compare the record of daily 
sales from the POS with a 
record of present inventory to 
minimize food costs/spoilage 
operate/program a system to 
order additional inventory from 
the supplier. 40 hrs/wk, 10am- 
7pm, $47,000/yr. B.A/B.S. in 
Business or C.S. 1 yr related 
exp. Applicant must show proof 
of lega! authority to work in the 
U.S. Send resume to IL. Dept. of 
Employment Security, 401 S 
State St. - 7 North, Chicago, IL 
60605, Attn: Leonard Boksa 
Ref# V-IL34152 - B. An empioy- 
er paid ad. No Calls-Send 2 
copies of both resume & cover 
letter 


Consultant sought by 
NYC IT firm for publish- 
ing related projects, sys- 
tem analysis & design 
BS degree, IT related 
major. Broad skills in 
desktop publishing, web 
technologies, and sys- 
tem integration. Freq. 
travel. Contact: 
careers@desknetinc.com 


Software Professionals and IT 
Managers Needed 


Digital GiobalSoft Limited (for- 
merly Digital Equipment (!ndia) 
Ltd.) is a leading software com- 
pany with offices nationwide 
With Digital you will get 
Extensive Benefits, Additional 
Compensation for referrals, and 
Professional Challenges with 
training and assignments to 
keep you at the leading edge of 
technology 


For technical positions (software 
engineers, programmer/ana- 
lysts, systems analysts), we 
need people with the following 
skills 

OS: Open VMS, NT/Windows 
2000/XP, Tru 64Unix 


Languages/Tools: ASP. 
Com/Dcom, JavaScript, VB 
Script, VB, VC++, PERL, Java 
EJB, CORBA, RMI, C/C++ 
DEC Forms, ACMS, Rally 


Middleware: MSMQ, TUXEDO. 


Database: Oracle, SQL Server. 
Sybase and Rdb 

We are also searching for SAP 
functional experts with 2 years 
implementation experience in 
various modules and Siebel cer- 
tified consultants with 2+ years 
post certification experience 


ideal candidates for !T Business 
Development Manager positions 
will have technical background 
ie Bachelor's degree in 
Engineering, Computer Science. 
Electronics or related field, and 
IT business development and 
managerial experience 

Travel to job sites throughout the 
United States may be required 
Some positions may require 
relocation to Europe and Asia’ 
Pacific. Applications can be sent 
to North America F & A 
Manager, Digital GlobalSoft 
Limited, 200 Forest Street 
MRO1-1/A65, Mariboro, MA 
01752 

Digital GlobalSoft Limited is an 
equal opportunity employer 


Web Application & Client Server 
Specialist (Sr. Programmer 
Analyst). Web Applic & Client 
Server Specialist (Sr Prgrmr 
Analyst) pos works wiclients of 
ISSI to dsgn & modify tech archi- 
tecture of client systms, & over- 
see impimtn. Pos dsgn & dvip 
applics & detailed s/ware mod- 
ules to meet specific reqmts 
using ASP, MS VB, SQL Server. 
Client Server, HTML, & C++ 
Pos serve as project leader. BS 
or foreign equiv in CS, CE, EE 
or MIS + 4 yrs exp in job offd or 
as Prgmr (or MS + 2 yrs exp.) 
Exp to inci 1 yr as team leader or 
mgr + VB, SQL Server, Client 
Server, ASP, C++, Active X. 40 
hrs/wk, $61,214/yr. Must have 
proof of legal auth to work in US. 
Send resume to IA Workforce 
Center, 215 Watson Powell Jr 
Way, Suite 100, Des Moines, IA 
50309-1727. Please ref to JO 
1A1101645. Employer paid ad. 


Seeking qualified applicants for 
the following positions in 
Memphis/Collierville, TN: Senior 
Business Application Analyst 
Act as liaison between technicai 
developers and users/customers 
Requirements: Bachelor's deg- 
ree* in computer science, math. 
Statistics, business administration 
or related field plus 5 years of 
experience in analyzing business 
systems and developing technical 
automated solutions. xperience 
with Java; application server 
(either WebLogic, WebSphere or 
JRUN); and UNIX also required 
“Master's degree in appropriate 
field will offset 2 years of general 
experience. Submit resumes to 
Sibi George, FedEx Corporate 
Services, 1900 Summit Tower 
Bivd., Suite 1400, Orlando, FL 
32810. EOE M/F/D/V. 
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It is at the heart of our work, not only the energy 
we provide to the entire world, but also the 
energy which drives our people. The following 
represents our needs in Saudi Arabia 


Web Solutions Specialist 
Senior Imagery Analyst 
Network Storage Administrator 


3D) ee earl NE a 


SAP Training Specialist 
Power Systems/ETAP Specialist 
Piel mS lum (realal(at-ig 


For consideration, please send a resume to 
Pls adie las a ee el 
SRG ieee meme l iil] 
ways: Fax: (713) 432-4600; Mail P.O. Box 4530, 
Houston, TX 77210-4530; e-mail (please cut 
and paste rather than send an attachment): 
resumes@aramcoservices.com. 


For a detailed description of the above 
STC mem kc 
www.jobsataramco.com 


Es Tutrei ges yes 


audi Aramco 


Prog. Analysts to analyze, design 
maintain 2 u Cc. Java 
HTML, VBScript 
Rational Rose under Windows OS 
desigr mplement GUI! 
RDBMS us VE 
Oracle, MS Access, SQL 
Require: B.S loreign equiv 
CS/Engg (any t & 2 yrs 
exp. in the fi 
design, develop, test, impler 

S Jracie, SQL 
Server, MS Access on Windows 
Unix, design, develop web appis 
using HTML, Java, ASP. JDK. C 


JScript: provide training and user 
ft 


eld Enggs 


support for the systems appin sc 
ware/hardware to team and clients 
debug ana modify existing soft 
ware. Require: M.S. or foreigr 
equiv. in CS/Engg. (any branch 
with 1 yr exp. in the field. High sal- 
ary. F/T. Travel involved. Resume 
to: Infosmart Technologies. 5 
Leatherman Ct, Alpharetta. 
30005. 


System Admins to install, maintain 
administer Windows NT, Linux 
HP-UX,SCO/Solaris:pian, imple- 
ment, maintain and troubleshoot 
LAN/WAN installations; manage 
networking protocols such as 
TCP/IP, IPX/SPX, etc; install 
upgrade network computer hard- 
ware/software. Systems Analysts 
to analyze, design appls using 
Java, VB, Oracle, SQL Server 
ASP, Active X, HTML/DHTML 
JavaScript, etc. under Windows 
OS; write triggers and stored pro- 
cedures to account for business 
processes; perform req. analysis: 
develop user interface, reports. 
Require: B.S. or foreign equiv with 
conc in CS/Science/Engg.(Any 
branch) and 2 yrs of exp. in IT. 
Travel involved. High Salary. F/T. 
Resume to: Radiant Technologies, 
Inc., 335 Majestic cove, Alpharetta. 
GA 30004 
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IT Developer 


S & 3 yrs exp 
r Software Eng. or 
nsultant. The 3 yrs reqd 


us! work wi/!VR appli 
ation design, dev., implementa 
tion & work in high-volume cail 
center (2-3 million calls/mos. 

yr. of reqd exp. must incl. IVR sys. 
wiPBX switches (i.e. Cisco 
Geotel ICM, Aspect ACD, SL1 
SL100 & AT&T G3) & IVR sys 
w/SpeechWorks ASR software or 
similar software package. M-F, 8 
5, Send resume to Randall Buck 
Wachovia Corporation, 1525 
West W.T. Harris Blvd, NC 0 
Charlotte, NC 28262-0775. No 
phone cails. 


System Analysts to analyze 
design, develop software for 
Wireless and Data Communica- 
tion using J2EE, XML, C, C++ 
SQL, SMPP, WAP, XHTML, 3G 
Oracle, etc. under Oracle Mobile 
Server 9IAS WE, UNIX, Sun 
Solaris etc; perform reqs gather- 
ing, design process, design 
reviews, code peer reviews 
customization and enhance- 
ments. Prog/Analysts to ana- 
lyze, design appis using C, C++ 
Java, HTML, VB, Java-Script 
SQL, Oracle, MS Access under 
Windows, UNIX OS; study, evai- 
uate new technologies/method- 
ologies; gather, document reqs 
from user community, test/trou- 
bleshoot project appi code 
according to system objectives. 
Require: BS or foreign equiv. in 
CS/Engg. (any branch) with 2 
yrs exp. High Salary. Travel 
involved. F/T. Apply to: HR 
Unilinx, Inc, 4625 Alexander Dr. 
Ste 110, Alpharetta, GA 30022. 
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Computer--TATA INFOTECH provides sophisticat 


IT solutions to various commercial organizations and 

offers a comprehensive suite of services to deliver 

end-to-end software solutions. Were part of Tato SYA Y,\ 
ZAALILA 


\ 


conglomerate and are headquartered in Indio, with ————— 


operations worldwide 


INFOTECH 


* PROGRAMMERS/ ANALYST: (code: AP/1). Reg. 1+ yrs. exp 


¢ SR. ANALYST/PROGRAMMERS: 


industry in advance programn 
« TEAM LEADERS (code: TL 


Project teams 


code: SP/2). Reg. 3-5+ yrs. exp. in IT 
ing & system analysis 
Req. 5+ years exp. in leading large 


All positions req. BS/MS in CS or related field and proficiency in one or 
more of the following: Language: COBOL CICS, Assembler, LINC, XML 
C++. Perl, and PL]. Java. Platform: IBM maintrame, Unisys mainframes 
Unix, NT. Database: Oracle, Informix, DB2, Progress, TMS, MS SQL server. 


Front-end: Developer 2000 


Power Builder, and VB. Web 


Technologies: WebSphere. Weblogic, ASP IIS. MQ series, Tuxedo. Case 
Tools: Designer 2000, ERWIN, UML. Rational Rose and any other case tool 
Network Technologies: LAN/WAN. TCP/IP routers, switches, gateway 
firewall. Support: System maintenance. break fix maintenance, network 


administration and support 


Position openings are at severa' 
could be offered posting at ony 


ions nationwide and the selected person 
of the companys project sites in the US. The 


job may require substanti::! traveling and may require relocation. TATA 


INFOTECH is an equal oppo 


unity employer. E-mail your resume, 


mentioning the position code in the subject line, to: 


jobs.us tatainfotech.com 


NEWS MEDIA MANAGER - WABC 
Eyewitness News has an immed! 
ate opening for a News Media 
Manager. Responsibilities i 
managing media ingest 

flow for multiple newscasts 


news editing 
ple years experience working ir 
TV newsroom exer 


tec ues, Com 
mfortable working 


rosoft Office and Windows 


dlines while working or 
multiple, overlapping projects. The 
News Media Manager will work 
closely with News Producers and 
Management to ensure the timely 
production of news. 

special reports and sp y 
segments. Prior supervisory experi- 


ence preferred 


Equa! Opporty Employer 


Software Engineers needed 
Seeking candidates possessing 
MS/BS or equiv. and/or rel. work 
experience. Part of the req. rel 
work exp. must include 1 year 
working with Java, ERP & CRM 
Duties include Research 
design and develop oracle data- 
bases Analyze software 
requirements and provide t 

nical support to client websites 
Experience with EDI and EIP 
are a plus. Mail res. & ref. to 
Adept Computer Consultants 
1010 Harmon Bivd., Hoffman 

ates, IL 60194 


Web Developers to solve pro- 
gramming problems in multi- 
ple internet/Extranet Web 
environment using cutting 
edge technologies. B.S 
degree and experience are 
musts. Send resume to 
Invacare Corporation, Attn 
HR, One Invacare Way 
Elyria, OH 44035, or online to 
ivcrjobsrc@invacare.com 
Please reference job code 
WD0203. EEO/M/F/D/V 





Computers-Project Leaders 
needed. Requires BS degree 
or equivalent and/or relevant 
work experience. Experience 
must include two years work- 
ing with Java, OSS and 
Tandem. Duties include: Plan 
direct and coordinate activities 
of projects; Analyze business 
requirements and _ resolve 
technical problems. Experi- 
ence with ASP, NET and SQL 
are a plus. Mail res., ref., and 
sal. req. to: Opus Software 
Solutions Private Limited, Inc 
1480 Route 9 North, #203 
Woodbridge, NJ 07095 


Software Engineers with 
interactive business appli- 
cations, _client-interface 
extranet & multi-tiered 
architecture experience to 
work in our Burlington, MA 
office. Send resume to Jay 
R. Smith Mfg. Co., Attn 
HR Mgr., Req#5565, P.O 
Box 3, Montgomery, AL 
36109-0237 or online to 


mike.polis@irsmith.com 
with Req#5565 in subject 
line. EOE 


DataWarehouse/ S/W Engg 
needed. Candidates w/MS or; 
equiv. in CS/Engg or rel 
and/or rel. work exp. Solid 
knowledge of RDBMS de- 
sign SQL, DB2, dw utilitites 
pref. Duties incl: Design 
deve and imp! s/w appls 
gather tech req. Work w/ any 
4:C/C++, VB, UNIX shells. 
Oracle, Erwin, Informatica 
ETLtools, PERL, JAVA and 
Prolog. Mail res. ref. and sal 
req. to: Avantel Softech Inc. 
180 Turnpike Rd., Westboro 
MA 01581 


romputer Systems Hardware 
Analysts needed: Seeking can- 
didates possessing BS or 
equiv. and/or rel. work experi- 
ence. Part of the req. rel. work 
exp. must include one year 
working with FPGA and ASIC 
Duties include: Design & devel- 
op wireless modems; analyze 
data processing requirements 
and provide technical support 
Must be willing to travel and 
relocate. Mail res., & ref. to 
Radia Communications, 1277 
Borregas Ave, #150 
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Companies 


ministrator at Tessy Plastics 
LLC in Lynchburg, Va., said a 
lack of funding has forced him 
to buy used equipment to back 
up his systems. “We’ve imple- 
mented a used tape drive on 
our main server and do good 
backups,” he said. “If I had to 
purchase the stuff new, I 
couldn’t have done it... . Right 
now, money is tight.” 

And Ervin isn’t alone, ac- 
cording to a study released 
last week by Dataquest Inc. in 
San Jose. The study, “Invest- 
ment Decisions: Preparing for 
Organizational Disasters,” 
found that IT managers from 
205 companies representing 
eight vertical industries in the 
U.S. aren’t investing appropri- 
ately in disaster plans because 
of inadequate budgets. 

“Budget constraints are 
forcing an average of 40% of 
respondents to rely on a best 
guess to determine potential 
risk rather than obtaining for- 
mal assessments, which would 
be too costly,” said Tony 
Adams, principal analyst at 
Dataquest’s IT Services group. 

“Preparation is key, and 
without adequate investment 
for protection of critical sys- 
tems, the repercussions of dis- 
asters will be lengthier and 
more costly,” he said. 

A security manager at one 
of the nation’s largest banks, 
who spoke on condition of 
anonymity, said the sheer size 
of his company means that de- 
partments report to various 
executives and require differ- 


Seer rerresesseseseesseseseseees 


Correction 


In the Newsmaker Q&A in last 
week's issue, Qwest Communi- 
cations International Inc., which 
sold its application service 
provider division to Corio Inc. last 
fall, was misidentified as Quest 
Software Inc., a maker of appli- 
cation management tools. 
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Disaster Planning Isn’t Funded | 


Reasons for not investing in specific 
business continuity/disaster recovery practices 


Others 
27% 


Security 
2% 


e 
Nodelivery “e 
service in our 

area 2% 


Not needed: 

other practice/ 
service/technology 
fulfills role 5% 


ent levels of certification by 
third-party disaster assess- 
ment firms. As a result, “busi- 
ness continuity planning is as 
the business sees fit,” the man- 
ager said. 

Moreover, it’s difficult to 
show the return on investment 
from hiring third-party firms 
to certify disaster recovery 
processes and assess risk, he 
said. “Companies in this space 
came off as if they’re looking 
for big dollars to tell you what 
you already know. We all see 


Continued from page 1 
States 


“That's pretty significant,” 
Kane said. 
McLean, Va.-based FSI, a re- 


search firm for the business- 


to-government market, said IT 
spending in the states will 
reach $40.7 billion in the next 
fiscal year, an increase of less 
than 2% over this year. And as 
they continue to scrape for IT 
funding, more states are ap- 
pointing enterprise architects 
to map out IT and business 
process strategies. 

Two years ago, only two 
states had specifically ap- 
pointed enterprise architects. 
Since then, the number has 


| climbed to 22, said Gerry 








Too expensive 
29% 


Too complex 
25% 


Not needed: service not of 
value in our business 10% 


the best-practice picture at the 
end of the tunnel, but we 
choose due care and sound 
business decision processes to 
get to that end,” he said. 

In any case, crisis manage- 
ment plans have been imple- 
mented at 53% of the sites that 
responded to the Dataquest 
survey, and an additional 30% 
that don’t already have plans 


| are considering developing 


them, according to the study. 
But 17% of respondents said 
that they don’t foresee devel- 


| Wethington, Missouri’s CIO 
| and president of the Lexing- 


ton, Ky.-based National Asso- 
ciation of State Chief Informa- 


| tion Officers. 


Enterprise architecture is a 


| process for defining IT and 


business process principles 
and standards. It’s also used 


| by federal and state govern- 


ments to integrate and consol- 
idate IT infrastructures that 
have been built agency by 
agency in a stovepipe fashion, 
without coordination. 
Wethington said his state’s 


use of enterprise architecture 


planning has given him the 
means to set common stan- 
dards and battle agencies ac- 
customed to making their own 
IT decisions. “If I had not had 
that chief architect ... I would 
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| study focused on the respons- 





| turf,” he said, referring to a 





oping any such plans. 

“Tt could be merely that 
clarity about the aim and func- | 
tion of crisis management is 
needed,” according to the 
study. “It could also be ex- 
plained in terms of the IT sys- 
tems not being deemed mis- 
sion-critical in importance.” 

In fact, only 10% of compa- 
nies said they always evaluate 
new initiatives in terms of 
business continuity. 

Susan Bradley, a security 
manager at Tamiyasu, Smith, 
Horn and Braun Accountancy | 
Corp., an accounting firm in 
Fresno, Calif., said the small to 
medium-size business com- 
munity is never proactive 
when it comes to ensuring 
business continuity. 

“We don’t plan. We don’t as- 
sess. We don’t analyze. We 
don’t test. We don’t plan on re- 
dundancy,” Bradley said. The 





Dataquest survey indicates 
that many large companies 
aren’t doing much better, she 
added. 

Although the Dataquest 


es and plans of IT managers, 
John Keast, chief operating of- 
ficer at SEEC Inc., a Pitts- 
burgh firm that develops soft- 
ware for the insurance and fi- 


have had eight to 12 different 
agencies fighting for their 


particular help desk consoli- 
dation project. “I can over- 





We don’t 
plan. We 
don’t assess. 
We don’t analyze. 
We don’t test. 


SUSAN BRADLEY, SECURITY MAN- 
AGER, TAMIYASU, SMITH, HORN AND 
BRAUN ACCOUNTACY CORP 


See eeresreseesseseseeesesesese 


nance industries, said that al- 


| though the CIO designs and 


implements the plan and like- 
ly orchestrates its execution 

during a disaster, the ultimate 
responsibility for focusing the 


| appropriate resources on dis- 


aster recovery and continuity 


| of operations planning rests 


with the CEO, the chief oper- 
ating officer and the board of 
directors. 

“Losing data that affects 
business operations is avoid- 


| able and unacceptable,” said 


Keast. “So CEOs and COOs 
must make it their priority.” D 


| ROLE-PLAYING 


A mock disaster scenario was played out at 
Computerworld’ s recent Premier 100 
conference. To read about the resuits, visit 
our Web site 


QuickLink 36860 
www.computerworld.com 


come turf,” Wethington added. 

The states are also being 
pushed into using enterprise 
architecture by the Bush ad- 
ministration, which wants in- 
teroperability with state sys- 
tems, said Howard Stern, se- 
nior vice president of FSI. 

One IT manager who says 
she has solved the problem of 
redundant systems consolida- 
tion is Cathy Maras-O’Leary, 
CIO of Cook County, Ill. The 
second-largest county in the 
US., Cook County centralized 
storage, mainframe and net- 
work support for 150 agencies. 

“You're not duplicating 
cost,” Maras-O’Leary said. 
Moreover, she added, “e-com- 
merce for us can be very easy 
because all our data is residing 
on our architecture.” D 
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Patch It Right Now 


AS YOUR SENDMAIL BEEN PATCHED? Are you sure? 
If the answer is no, stop reading this and get it taken 
care of. Not later today. Not later this minute. You’re 
already a week behind, and hackers have had exploit 
code working since last Tuesday. There are no work- 
arounds. Your firewall won’t protect you. Your virus scanner won’t 
protect you. A properly patched sendmail server that’s upstream 
from your site will remove the fangs from a malicious e-mail mes- 
sage that exploits this security hole — but do you really want to 
depend on the kindness of strangers? 
You can’t afford that risk. So find out. And if you have sendmail 
systems that haven’t been patched or upgraded, do it right now! 


How bad is this mess? Between 50% and 75% 
of all e-mail on the Internet is handled by send- 
mail servers. The bug that creates the security 
hole is about a decade old, which means if 
you’re using sendmail, you do have the bug. 

And since it took less than 48 hours for two 
separate groups of hackers to come up with 
working attacks on this security hole after it 
was Officially announced, you can reasonably 
expect attacks to show up on the Internet pret- 
ty quickly, too. 

Worse still, you may already have been hit by 
one. A successful attack won’t leave any evi- 
dence on your system log. Which means some- 
one who’s just testing the technique may al- 
ready have tried it on your unpatched sendmail 
systems, and you have no way of knowing. 

The good news — yes, there is some good 
news here — is that this is one very subtle se 
curity hole. It’s no simple buffer-overflow 
problem, like so many we’ve heard about. In 
this case, the buffer that lets the bad guys in is 
checked to make sure it doesn’t 
overflow. Trouble is, there’s a bug 
in one of the checking routines. 
And if a bad guy exploits that cod- 
ing error — but only if the bad guy 
knows exactly how to exploit that 
specific coding error — sendmail is 
vulnerable. 

Which explains why it took 10 
years for anyone to spot the prob- 
lem, and why it was Internet Secu- 


| 
| 
| 
| 
| 
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available to security experts and nasty crackers 
alike — and until now, no one spotted it. 
That’s how far we’ve come on security: We 
now have so many researchers digging so deep 
and looking so carefully that we’re finding se- 
curity holes we once would have called unfind- 
able. We’re no longer finding bugs just in new- 
ly released software. We’re finding and fixing 
the flaws deep in the bedrock of our IT infra- 
structure. And that makes us much safer. 
But ironically, the older and more tested and _ | 
trusted a piece of software is, the more widely 
used it’s likely to be. That means when these 
new deep searches for security holes turn 
something up, the potential impact is huge. Un- 
til that widely used software is widely patched, 
we're at risk — in a big way. Which is why, 


more than ever, none of us can afford any de- 
lays in finding the security holes in our sys- 
tems — and closing them. 

So make it a priority. Subscribe to a security 
service if you think you need it. If you don’t, 





put someone on your staff in 
charge of scanning security sites 
and news groups for patches you 
need to install. 

Then come up with a plan to im- 
plement those patches and fixes 
fast. And make sure the most criti- 
cal of them can be implemented on 
an emergency basis. 

Because finding deep, funda- 
mental security holes like the one 


www.computerworld.com 


But It’s Better Than the Fax 


IT pilot fish is suddenly responsible for phone service, 
so she asks long-distance provider for a list of phone 
numbers currently getting service. And gets it- as a 
blurry 29-page fax. Could you please send it in elec- 
tronic form? fish asks. “An hour later, | received an 
e-mail with the file attached,” says fish. “It was a 
Word document with 29 pages of screenshots of 
the spreadsheet containing our phone numbers.” 


There’s 
Two? 

This user com- 
plains she can’t 
log on - her Shift 
key isn’t working. True 
enough, says pilot fish, 


SHARK 
TANK. 


panels that 
might block the 
way, | shook the 
printer casing 
and set it on the 
; floor - after which the 

: mouse left the printer.” 


the left-hand Shift key on : 


her laptop is dead. fs 
your other Shift key bro- 
ken too? fish asks. “Oth- 
er Shift key?” says user 
blankly. “Oh!” 


Could Be... 

This intranet application 
ran fine for two months, 
but now it’s crashing the: 


: ing update CDs to field 
; staff every month. But 
: this time, it's more com- 
: plicated, so fish includes 
: anote that says in big, 
"bold letters atthe top, 
“You must follow these 


server, so pilot fish opens : instructions!” Says fish, 


an error ticket. Four days 
later, server admins re- 
turn his ticket marked 
“Solved,” adding, “We 
waiched the error log for 
four days, and no further : 
entries were written into 
it, so we assume the 
problem has disap- 


peared.” Sighs fish, “Is it i 


possible that’s because 
the application has not 
been running for four 
days?” 


Why Not Oil It? 
This printer has a paper 
jam, and it’s squeaking 
too, user tells help desk 
pilot fish. “What | found 
when I got there wasn’t 
what I expected,” fish 
says. “A mouse had 
made the printer casing 
his home and was par- 
tially caught in the 
rollers. After carefully re- 


: “ve had about 20 calls 

| that go like this: Have you 
? got the instructions? Yes, 
: 1 have them in my hands. 

| Have you read them? 

: Click. Dial tone. So far, 

: none have rung back for 

: further instructions.” 


Come From 


: Consultant pilot fish is on 
: the phone with vendor’s 
_— ee 
trouble - tech keeps 
: throwing out the vendor's 
: internal jargon instead of 
 industry-standard terms. 
: Maybe you could write a 
: dictionary of your terms 
: and customers could 
: study it to make these 
; Sarcastically. “That’s a 
: great idea,” tech chirps. 
: “ll talk to my boss 


FEED THE SHARK! Send your true tale of IT life to 


sharky@computerworld.com. You snag a snazzy 
Shark shirt if we use it. And check out the daily feed, browse 
the Sharkives and sign up for Shark Tank home delivery at 


FRANK HAYES, Computer- 
world’s senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 


in sendmail really does make us 
safer. But the price of better secu- 
rity is greater risk — at least until 
we apply those patches. D 


rity Systems in Atlanta that spotted 
it, not some malicious adolescent in 
his bedroom. The problem was 
buried deep in code that has been 





What one thing do investors understand 
about your company better than you do? 


Your competitive advantage. 


In an era of disruptive 


change, Moore uses investor ; | ! ; ; Y I i | | 7 f 
perspective to give management . 
eee eka aan, 


teams the strategy tools they Crossing the Chasm and Inside the Tornado 


need to navigate. 
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| 
“This book is a must read for CEOs and their executive 
team.... According to Geoffrey Moore, you had better start THE 
shedding non-core activities quickly or your company MANAGEMENT 


will become a victim” CLASSIC 
—VICE PRESIDENT DICK CHENEY NOW FULLY 
REVISED 


“When you live on the fault line, you have 

to reinvent yourself every single day.” 

—BOB HERBOLD, FORMER EXECUTIVE VICE 
PRESIDENT AND COO, MICROSOFT 





“Moore shows convincingly that technology and 
capital market efficiency have fundamentally 
changed not just the reality that all managers face, 
but have changed the way they need to define, 
measure and manage success. This is a great book.” 
—CLAYTON CHRISTENSEN, AUTHOR OF 

THE INNOVATOR’S DILEMMA 
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storage software company. 


VERITAS Software lowers your storage costs regardless of 
the hardware. EMC. Hitachi. HP. IBM. Sun. What’s your agenda? 
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